General

  • Target

    f1cf96c3d2f53053d6a4db5b3171fdd9a2651e114b5056f8ea8853e0ad91aef2

  • Size

    283KB

  • Sample

    221205-xj8wjafd59

  • MD5

    63fe64c62437e3c58b49c0524275dacc

  • SHA1

    30a0e544b79c11bb6a62bb0cfba9b0645dfff7ed

  • SHA256

    f1cf96c3d2f53053d6a4db5b3171fdd9a2651e114b5056f8ea8853e0ad91aef2

  • SHA512

    abc9039671148cdc7a2593134feb3e80d0b026292707cd3aa95ce46bca8c95d06fc96e1b42dbf99e0884ee1d377940c6eb1d181ac00c8ac16d8dc5a1fc2fb230

  • SSDEEP

    6144:w7vXDRS0wfOxqpBW8gto5ZsdZjJMQcYWqz9t/Qs/FvN5c1:ivdS9OxqpBDgOAZV11n9trvN5

Malware Config

Targets

    • Modifies security service

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks