General

  • Target

    BraveBrowserSetup (2).exe

  • Size

    1.3MB

  • Sample

    230328-b5ezpagc92

  • MD5

    d7b3f0ba9013b54f0ee26f8e1363db6f

  • SHA1

    4e2d0ef3b828c700c22862472ee5eaebb1e78161

  • SHA256

    b8546f2662b5f95baf2f2fd25c3207c50403428bd73b71721bd8f02cfb65e6d6

  • SHA512

    47a64d4919b1232a0c5c8e5af209836fb154aa2fe8fb7bad4b63cda03f7d837705cfc263a0d9ac10196a4bbe12df289127f79802039504f43070dc064de1a909

  • SSDEEP

    24576:XahOv5YWCTmhb+i8XvfZX51YTjph3PvsomqtcbeWA8v10RvMgCUWA:KhOvPCTmhIRKHmucyW190RvtCUR

Targets

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
