General

  • Target

    d20008051ebd536e50d34dcc4e718804.exe

  • Size

    4.1MB

  • Sample

    230309-ek72hshd21

  • MD5

    d20008051ebd536e50d34dcc4e718804

  • SHA1

    d1026c5402523e2ce23a7b7855ce2b2d36d8316a

  • SHA256

    844b92d102379990f96dd712b1eb2ade90bee0412333a11a74f77723ff4f91f9

  • SHA512

    c98bf8f92f98920f8b6f8961d7b1c136e8159aaf43ee5716337b5b66d69da483b8d207df2ff360ff981203c08369c8d13272bc73f7dfb60fc8dd0c10640b85fc

  • SSDEEP

    98304:ShSlPgpqvGXI30baIvyatgFiw/+TMmoiN3cwbMtnb5hJ7iPDi7Og:Sh7pqvqvwUwYpNMwbeb5hSDi7O

Malware Config

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks