General

  • Target: 3b34354c9ea63683e7d29da8afff9b0e52281d161f2cf246551d747ffdea6fd0.zip
  • Size: 260KB
  • Sample: 230310-m1gs9sef71
  • MD5: 17ea006f0e792af70160a8ef4f1e9656
  • SHA1: 81aa5ee84c55fa369f8d9c70db81fa92a44b0c59
  • SHA256: 33a45407d17597570a6c9089697b28b553341fd8c95054befb875d4c41db7b81
  • SHA512: 9b0c7f9a9e9138b5b45a60b7094e4fa9bea270544a9bc3894b7a18b6b3e085c8594a359c6fa2f3a938964cf3436f28578662711cfcafbbac03ae78c2b7abf44f
  • SSDEEP: 6144:jzPgvYhbEkgO8AJ7fjTNnJG51ZWa42meKokmGdSDN0+bC:j7Jb7FtjTDoWJfHokmQSRa

Score
7/10

Malware Config

Targets

    • Target: 3b34354c9ea63683e7d29da8afff9b0e52281d161f2cf246551d747ffdea6fd0.exe
    • Size: 274KB
    • MD5: ce35c32c500daa630018f0f58a959d30
    • SHA1: 3a8bcfbaf1d98a473f8fd69504f5c07c2ec67110
    • SHA256: 3b34354c9ea63683e7d29da8afff9b0e52281d161f2cf246551d747ffdea6fd0
    • SHA512: b4e08da983cf6563ec0db79891553b6a25d0681367b58a66019a020a1560810a61d04410fe27191a4dd475bd87d966a892ffca37658de2d443de988a4926345e
    • SSDEEP: 6144:vYa6XmjDWRNygGdSSLCV5VsSqN34Kz639MR61r/h78H4AMIlZyr63O:vYtaDcwSSLcIRWo+78cITO

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks