General

  • Target

    9e37ed80e9b94624b4eb15b005cada730d941cfa

  • Size

    318KB

  • Sample

    230201-p94eqsfc4w

  • MD5

    5570e31ee5a4dbcdde6b302867fbf790

  • SHA1

    9e37ed80e9b94624b4eb15b005cada730d941cfa

  • SHA256

    29ae2323ba55db42ad131386ef87f2748bc3fd98327b54a1bcc6378387494c8c

  • SHA512

    95995c8877a967c6a0c8aba008bb4fa411df31e7b7105504b247a24c80d10fd157b1b0ca2f2350e9c59024ce6e29d525051d7d8f4fccd9ee629ce1a2385a2487

  • SSDEEP

    6144:/Ya6Tsc4TrmPM1oY2QZ9w9wcBiPaJpKe8O9x7WwRG9PWx3H:/Yhscz0W44xgQAeRtWwRG9PI3

Malware Config

Targets

    • Target

      9e37ed80e9b94624b4eb15b005cada730d941cfa

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Ordinary software rarely needs it, so loaders commonly use it to redirect execution inside a suspended process (process hollowing and similar injection).
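
The signatures above are essentially path-based rules over the sandbox's file and registry access events. The script below is an added illustration of that kind of rule, written for this page and not tria.ge's own signature engine: it tags a constructed event log with the four data-theft behaviours listed (FTP client configs, email client profiles, browser credential stores, Outlook profile keys). The log format (tab-separated kind, pid, path) and the process IDs are assumed; the paths are the well-known storage locations of FileZilla, Thunderbird, Chrome, Firefox and Outlook.

```python
"""Tag sandbox access events with infostealer-style signatures.

Illustrative code only: not tria.ge's implementation. The event log and
its format are constructed for the example.
"""
import re
from collections import defaultdict

# (signature name, event kind it applies to, regex over the normalised path)
RULES = [
    ("Reads data files stored by FTP clients", "file",
     re.compile(r"/appdata/roaming/filezilla/(sitemanager|recentservers)\.xml$")),
    ("Reads user/profile data of local email clients", "file",
     re.compile(r"/appdata/roaming/thunderbird/profiles/[^/]+/"
                r"(logins\.json|key4\.db|key3\.db)$")),
    ("Reads user/profile data of web browsers", "file",
     re.compile(r"(/google/chrome/user data/[^/]+/(login data|cookies|web data)$"
                r"|/appdata/roaming/mozilla/firefox/profiles/[^/]+/"
                r"(logins\.json|key4\.db|cookies\.sqlite)$)")),
    ("Accesses Microsoft Outlook profiles", "reg",
     re.compile(r"^hkcu/software/microsoft/(office/\d+\.\d+/outlook/profiles"
                r"|windows nt/currentversion/windows messaging subsystem/profiles)")),
]

# Constructed sample log: kind<TAB>pid<TAB>path. PIDs are assumed values.
SAMPLE_LOG = (
    "file_open\t1840\tC:\\Users\\Admin\\AppData\\Roaming\\FileZilla\\sitemanager.xml\n"
    "file_open\t1840\tC:\\Users\\Admin\\AppData\\Roaming\\FileZilla\\recentservers.xml\n"
    "file_open\t1840\tC:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\n"
    "file_open\t1840\tC:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default\\logins.json\n"
    "file_open\t1840\tC:\\Users\\Admin\\AppData\\Roaming\\Thunderbird\\Profiles\\x1y2z3.default\\key4.db\n"
    "reg_open\t1840\tHKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\n"
    "file_open\t1840\tC:\\Users\\Admin\\Desktop\\readme.txt\n"
    "file_open\t2216\tC:\\Windows\\System32\\kernel32.dll\n"
)


def normalise(path):
    """Unify slashes and case so one regex covers both path spellings."""
    return path.replace("\\", "/").lower()


def parse_log(text):
    """Turn the tab-separated log into (kind, pid, path) tuples.

    'file_open' / 'reg_open' are reduced to 'file' / 'reg' so rules can be
    restricted to the event class they make sense for.
    """
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, pid, path = line.split("\t", 2)
        events.append((kind.split("_")[0], int(pid), path))
    return events


def tag_event(kind, path):
    """Return the signature names that fire on a single access event."""
    p = normalise(path)
    return [name for name, rule_kind, rx in RULES
            if rule_kind == kind and rx.search(p)]


def tag_events(events):
    """Map each fired signature to the sorted list of PIDs that triggered it."""
    hits = defaultdict(set)
    for kind, pid, path in events:
        for name in tag_event(kind, path):
            hits[name].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in tag_events(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: pids {pids}")
```

Restricting each rule to an event class matters: the Outlook rule must not fire on a file path that merely contains the same words, and a browser rule should not fire on a registry value. A real engine would also combine these with the process-level context (the dropped EXE being the accessor, not the original sample), which is why the output is keyed by PID.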

MITRE ATT&CK Enterprise v6

Tasks