General

  • Target: OperaGXSetup.exe
  • Size: 3.4MB
  • Sample: 230105-3artjshb9v
  • MD5: be747c6d88ba6a96dd12100e8e757187
  • SHA1: 4dfff60d74788c6d9dd7b6131fea7b29f1f388f0
  • SHA256: ccaf1953f0e8417ec41515798f3aa14a2b339dc9a7b2c21723641e345cb4e228
  • SHA512: b2295ba4fb0007470760f0be89dce081a02e00b1c0f2588efeb338f8e37574bdf3bad08beb919fe7d270c762f853107a67e6f98f850ee468a1bb6e1edb753dd0
  • SSDEEP: 98304:AXSnLaSe4CvSfg7M/Stz/9dSxVBtzV/u+kZaLHc42KrHllrdSVW8:GuLw4GD7YI/fSxu+ml4DFlOn

Targets

    • Downloads MZ/PE file
    • Executes dropped EXE
    • Registers COM server for autorun
    • UPX packed file
      Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks