General

  • Target

    8109535327593a1bedfdca02434369e7524a393a769b766f8baa9c88fbce7d47

  • Size

    1.1MB

  • Sample

    230110-sqv6ssge38

  • MD5

    83735f17dd18f712f9fbcefa521395da

  • SHA1

    30ebe706ec893dcb14ff0ce4eae6e548911d3459

  • SHA256

    8109535327593a1bedfdca02434369e7524a393a769b766f8baa9c88fbce7d47

  • SHA512

    4872228762a87819802e16f3b8226278cd4c6e5bc929d99b4cd8efb3cc059a7aa8b296eae5947b8fce9372d4a1d2e6f132446bdbd9923793d37020c9e836fa97

  • SSDEEP

    24576:ADe1yTyabX7slOCwjiYacsj0p4dmmseJJ+DFXoxoxa1+Ow+aE:AD8mfiYacsIafseJJ+OexvE

Malware Config

Targets

    • Blocklisted process makes network request

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks