General

  • Target

    42799223.js

  • Size

    337KB

  • Sample

    230301-hs7x9sef4t

  • MD5

    98852e60ba7c53901110f0b5252ca2e1

  • SHA1

    75dd09aef979344a7a3980ef7a68dfc6af26d9f4

  • SHA256

    d89d414f788968b51167e9020ea772fd1e869a5633604042185cc37c2056a20c

  • SHA512

    e4b5b2c33cfffb4edc400ceb9ac0f079ccf12607fd161fa35f016192132f11081910e03da40f6759210f7f92b9b5967a21977dc20e5dd0722a03464a735ad274

  • SSDEEP

    6144:GQlhss9OrDm+2FeaIPNIGNd3o6vjjJe+FW2wG1v2WOpsTA91:NzhwrDmzFgIGNdrjJ7hwGxA1

Targets

    • Target

      42799223.js

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
