General

  • Target

    idman641build2f.exe

  • Size

    10.7MB

  • Sample

    221231-df3qkacc6t

  • MD5

    ca690e26a00564a3ec339104b7efd956

  • SHA1

    dfcec51ac1c218b81ecf76bdb52188377b024274

  • SHA256

    cd1d8cf22706294da803da14746c29e73ed4ebf3912ee35320cfc7d08ae0d721

  • SHA512

    0a4a478dbe95aa80fe6cf67dedb09720c597b21dd5e5ec11908e0bd5925d2af083e37b66a294c0219b22ebba9c30f2dc7f80407853b7d67927483fe17def0db9

  • SSDEEP

    196608:Aa5pfFt6hJp9lQEDKAWHNUzp6eUQdldLrngfonm0DmxZOwrY8iQvD2pe+Bm:Tp7U8asUNbpn7z8Z7XvKpdm

Targets

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Registers COM server for autorun

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data such as saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are in-process COM DLLs that Internet Explorer loads when it starts; registering one is a long-standing persistence and browser-manipulation technique.
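The signatures above are sandbox heuristics, so an analyst usually wants to confirm the corresponding artefacts on a host where the sample ran. The script below is an added example, not part of the tria.ge report or the sample: it verifies the file on disk against the SHA256 in this report, then lists Run-key entries, registered Browser Helper Objects (resolved from CLSID to the DLL Internet Explorer would load, with its Authenticode status) and files recently written to the drivers directory. The sample path and the one-day time window are assumptions; run it in an elevated PowerShell session.

```powershell
# Added example, not part of the tria.ge report: host-side triage for the
# persistence and driver artefacts implied by the signatures above.
# Assumptions: $SamplePath is where the analyst copied the sample; run elevated.
param(
    [string]$SamplePath     = 'C:\Triage\idman641build2f.exe',   # assumed location
    [string]$ExpectedSha256 = 'cd1d8cf22706294da803da14746c29e73ed4ebf3912ee35320cfc7d08ae0d721',
    [datetime]$Since        = (Get-Date).AddDays(-1)             # assumed "recent" window
)

# 1. Make sure the file on disk is the sample this report describes.
if (Test-Path -LiteralPath $SamplePath) {
    $actual = (Get-FileHash -LiteralPath $SamplePath -Algorithm SHA256).Hash.ToLower()
    if ($actual -eq $ExpectedSha256.ToLower()) {
        Write-Host "[+] SHA256 matches the report: $actual"
    } else {
        Write-Warning "SHA256 mismatch: on disk $actual, report $ExpectedSha256"
    }
} else {
    Write-Warning "Sample not found at $SamplePath; skipping hash check"
}

# Helper: list a registry key's values as Name/Data rows, dropping the PS* metadata
# properties that Get-ItemProperty adds.
function Get-RegValues {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $item = Get-ItemProperty -LiteralPath $Key
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        [pscustomobject]@{ Key = $Key; Name = $p.Name; Data = $p.Value }
    }
}

# 2. "Adds Run key to start application": both hives and, on 64-bit Windows, the 32-bit view.
Write-Host "`n[*] Run keys"
@(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
) | ForEach-Object { Get-RegValues -Key $_ } | Format-Table -AutoSize

# 3. "Installs/modifies Browser Helper Object": each subkey name is a CLSID. Resolve it
#    through HKCR\CLSID\{clsid}\InprocServer32 (default value) to the DLL IE would load,
#    then check whether that DLL carries a valid Authenticode signature.
Write-Host "[*] Browser Helper Objects"
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$bhos = foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
    # 32-bit BHOs registered under WOW6432Node resolve through the WOW6432Node CLSID view.
    $view = if ($bhoKey -like '*WOW6432Node*') { 'Wow6432Node\CLSID' } else { 'CLSID' }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid  = $sub.PSChildName
        $inproc = "Registry::HKEY_CLASSES_ROOT\$view\$clsid\InprocServer32"
        $dll    = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else { 'DLL missing' }
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Signature = $sig }
    }
}
$bhos | Format-Table -AutoSize

# 4. "Drops file in Drivers directory": anything written to System32\drivers in the window.
Write-Host "[*] Files written to the drivers directory since $Since"
Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -File |
    Where-Object { $_.LastWriteTime -ge $Since } |
    ForEach-Object {
        [pscustomobject]@{
            File      = $_.FullName
            Written   = $_.LastWriteTime
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    } | Format-Table -AutoSize
```

The hash check comes first on purpose: the behaviours in this report belong to the file with SHA256 cd1d8cf2...0d721, and a host copy with a different digest is a different artefact. A BHO DLL or driver whose Authenticode status is not "Valid" is the entry to look at first, but a valid signature does not by itself clear it; compare the publisher against what is expected on that host.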
