General

  • Target

    PAGAMENTO GENNAIO.tgz

  • Size

    1.0MB

  • Sample

    230113-mplyvaca4t

  • MD5

    fc1c91f439fb46b478da48e741ff6c6a

  • SHA1

    cf9fc56e1e1a658fe0506d9d6ede7f7bdc05bd83

  • SHA256

    861cc2ceed5af0dbc40f9490cf6a0060bf2d13b7a6c48046f56aeee40241f319

  • SHA512

    33c920a88cd1a6ee1172f128afaab490ad8db0c438112e1d8e06618e816be13c34657b65b4a6d68b49160991f0b969012c9787814ac8a80b9ed65c34ec31d267

  • SSDEEP

    24576:vyX5+wMNz9f7XUsLLcAgqEhF3ucTpXgnyeKj2T:apRMNdXlLLchnhF3uQtgnVG2T

Malware Config

Targets

    • Target

      PAGAMENTO GENNAIO.exe

    • Size

      300.9MB

    • MD5

      c79fa8ea960f6d3627a0d06c3f71650e

    • SHA1

      054055ca4c06a28f4ac43d6a7953c6ad9840c31b

    • SHA256

      3480652d791f1220146d9b3523db13865fc7cb32d44faa65cbe5b24058749ce0

    • SHA512

      26724627bccddf2c38292a8843a8e2c79359ff2ffcb44eb8bbb88e2e1bc4feaeb010f8498fff8811a529e6b99c77055a33d4aa04a1b836384c441a61e12bf88d

    • SSDEEP

      24576:4QXf+U+Nv9p7HUELDcAgKwlFp+PXgVOKPtPD4:BPP+NfHjLDchdlFp+/gAuPD4

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks