General

  • Target

    79d637eda91c72961b25b64b7ce12a8328cc408b

  • Size

    448KB

  • Sample

    230114-hz7k3sff5z

  • MD5

    c6c5fa8bfd81a3beb06fc36e71f86f37

  • SHA1

    79d637eda91c72961b25b64b7ce12a8328cc408b

  • SHA256

    1e61114dd0413c14225fd80ca645f3826d73c06319c71f24c29757c1cefaa163

  • SHA512

    488c24160b77e2008bd9c29186f66a62c1ad0232489957843060dd8632e2a4379919d7931e8f30b01b6aca495756321eb8f0cbd3ecc33883480c2500c7cd6d38

  • SSDEEP

    6144:OYa6zAE34VkTwN3tcYVljOqxpaYNGrtgbARYWscmlG8b5/mp4Zmv2QG:OYKE5+drljOqnayGBgbXcmlG8bm4wo

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Accesses Microsoft Outlook profiles

      Outlook keeps per-profile account configuration in the user's registry hive, which infostealers read to enumerate and harvest mail accounts.

    • Suspicious use of SetThreadContext

      Overwriting another thread's register context is a standard step in process hollowing and related injection techniques: a process is created suspended, its memory is replaced, and SetThreadContext redirects execution to the injected code before ResumeThread.
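The signatures above describe what the sandbox observed. The following added example (written for this page, not tria.ge code, and not the report's own matching rules) shows how the same behaviours can be expressed as detection logic over file, registry and API events. The event format, the FileZilla/Thunderbird/Chrome/Outlook paths and the CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread sequence used for the last signature are assumptions chosen as typical; the events themselves are constructed, not taken from this sample.

```python
"""Replay tria.ge-style behavioural signatures over constructed sandbox events.

Added example for this page. Event shape, paths and the hollowing API sequence
are assumptions; real sandboxes emit richer telemetry with different field names.
"""
import re

# Constructed events (pid, kind, detail). Not observed from the sample on this page.
EVENTS = [
    (1000, "file_read", r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"),
    (1000, "file_read", r"C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\x1.default\logins.json"),
    (1000, "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1000, "reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1000, "api", "CreateProcessW flags=0x4"),  # 0x4 = CREATE_SUSPENDED
    (1000, "api", "WriteProcessMemory"),
    (1000, "api", "SetThreadContext"),
    (1000, "api", "ResumeThread"),
    (2000, "api", "SetThreadContext"),           # no suspended target written to: not flagged
    (2000, "file_read", r"C:\Users\alice\Documents\notes.txt"),
]

# One pattern set per report signature; matched case-insensitively against the
# lower-cased path. Assumed typical locations, not an exhaustive list.
PATH_SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\thunderbird\\profiles\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\user data\\[^\\]+\\(login data|cookies|web data)$",
        r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db)$",
    ],
    "Accesses Microsoft Outlook profiles": [
        r"^hkcu\\software\\microsoft\\office\\\d+\.\d+\\outlook\\profiles",
        r"\\windows messaging subsystem\\profiles",
    ],
}


def _creates_suspended(call):
    """True for a CreateProcess* call whose creation flags include CREATE_SUSPENDED (0x4).
    Assumes the trace renders the flags as 'flags=0x...'."""
    m = re.match(r"CreateProcess\w*\s+flags=(0x[0-9a-fA-F]+)", call)
    return bool(m) and (int(m.group(1), 16) & 0x4) != 0


def is_hollowing_sequence(calls):
    """True if the per-process API calls contain, in order: suspended CreateProcess*,
    WriteProcessMemory, SetThreadContext, ResumeThread. Other calls may be interleaved."""
    steps = iter([
        _creates_suspended,
        lambda c: c == "WriteProcessMemory",
        lambda c: c == "SetThreadContext",
        lambda c: c == "ResumeThread",
    ])
    step = next(steps)
    for call in calls:
        if step(call):
            step = next(steps, None)
            if step is None:
                return True
    return False


def match_signatures(events):
    """Return {signature: sorted pids} for every signature that fired."""
    hits = {}
    api_calls = {}  # pid -> ordered API calls
    for pid, kind, detail in events:
        if kind in ("file_read", "reg_read"):
            norm = detail.lower()
            for sig, patterns in PATH_SIGNATURES.items():
                if any(re.search(p, norm) for p in patterns):
                    hits.setdefault(sig, set()).add(pid)
        elif kind == "api":
            api_calls.setdefault(pid, []).append(detail)
    for pid, calls in api_calls.items():
        if is_hollowing_sequence(calls):
            hits.setdefault("Suspicious use of SetThreadContext", set()).add(pid)
    return {sig: sorted(pids) for sig, pids in hits.items()}


if __name__ == "__main__":
    for sig, pids in match_signatures(EVENTS).items():
        print(f"{sig}: pids {pids}")
```

Process 2000 calls SetThreadContext but never writes into a suspended child first, so the last rule stays quiet for it; a lone SetThreadContext (debuggers, some runtimes) is not by itself evidence of hollowing, which is why the sequence, not the single call, is what the rule keys on.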
