General

  • Target

    fb131e828de1f849d3f2a15ed864ae88.exe

  • Size

    1.5MB

  • Sample

    230418-tf782sec51

  • MD5

    fb131e828de1f849d3f2a15ed864ae88

  • SHA1

    0a52df16e16114deb7857ca674c696c16b08fc0b

  • SHA256

    bffdc909227ee8bce072f4f607cde0901b1bbb534930909b2351df3e715943ae

  • SHA512

    9f43ecf68123a03ca16244a9c387738ecf8d3e29317e4c69df9eaa0696e158785933baa1eb1493e0633fe1e9ec715e3af3e0a564199bf3660d668abeea96ba60

  • SSDEEP

    49152:zh6qPtjR7HFWQRGzIbQ4pG2X8MpwENJk:QqPtl7lVRjnRwEN

Malware Config

Targets

    • Target

      fb131e828de1f849d3f2a15ed864ae88.exe

    • Size

      1.5MB

    • MD5

      fb131e828de1f849d3f2a15ed864ae88

    • SHA1

      0a52df16e16114deb7857ca674c696c16b08fc0b

    • SHA256

      bffdc909227ee8bce072f4f607cde0901b1bbb534930909b2351df3e715943ae

    • SHA512

      9f43ecf68123a03ca16244a9c387738ecf8d3e29317e4c69df9eaa0696e158785933baa1eb1493e0633fe1e9ec715e3af3e0a564199bf3660d668abeea96ba60

    • SSDEEP

      49152:zh6qPtjR7HFWQRGzIbQ4pG2X8MpwENJk:QqPtl7lVRjnRwEN

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
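
The signatures listed above are behaviour categories that the sandbox derives from registry and file-system activity. As an added illustration (not code from the original report, and not Triage's own signature engine), the following Python maps a small set of constructed, sandbox-style events onto the same signature names. The event format and the sample events are invented for this example; the registry and file paths in the rules are the standard Windows locations for Defender real-time protection policy, the Geo\Nation country code, the CurrentVersion\Run persistence key, the Uninstall key used for software enumeration, Chrome/Firefox profile data and common wallet directories. The rule patterns are an approximation of what each description says, not the sandbox's exact logic.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the original report). Each event is
# (event_kind, target_path, detail); the kind labels are this example's own.
EVENTS = [
    ("regset",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "1"),
    ("regquery", r"HKCU\Control Panel\International\Geo\Nation", ""),
    ("regset",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\Users\user\AppData\Roaming\updater.exe"),
    ("regenum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", ""),
    ("fileread",
     r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", ""),
    ("fileread",
     r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco", ""),
    # Benign activity that must not trigger any rule.
    ("fileread", r"C:\Windows\System32\kernel32.dll", ""),
]

# (signature name, event kinds it applies to, path pattern). Patterns use
# re.I because registry paths are case-insensitive on Windows.
RULES = [
    ("Modifies Windows Defender Real-time Protection settings", {"regset"},
     re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)),
    ("Checks computer location settings", {"regquery"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Adds Run key to start application", {"regset"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Checks installed software on the system", {"regenum", "regquery"},
     re.compile(r"\\CurrentVersion\\Uninstall", re.I)),
    ("Reads user/profile data of web browsers", {"fileread"},
     re.compile(r"\\(Google\\Chrome\\User Data|Mozilla\\Firefox\\Profiles)\\", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", {"fileread"},
     re.compile(r"\\(Exodus|Electrum|Bitcoin)\\", re.I)),
]


def match_signatures(events):
    """Return {signature_name: [matching events]} for the given event list."""
    hits = defaultdict(list)
    for kind, target, detail in events:
        for name, kinds, pattern in RULES:
            if kind in kinds and pattern.search(target):
                hits[name].append((kind, target, detail))
    return dict(hits)


def triggered_signatures(events):
    """Signature names that fired, in RULES order (stable for reporting)."""
    hits = match_signatures(events)
    return [name for name, _, _ in RULES if name in hits]


if __name__ == "__main__":
    for name, evs in match_signatures(EVENTS).items():
        print(f"[{name}]")
        for kind, target, _ in evs:
            print(f"    {kind:9} {target}")
```

Each rule is tied to an event kind as well as a path: a read of the Run key is ordinary enumeration, while a write to it is the persistence behaviour the report flags, and a mere read of the Defender policy key is not the same as setting DisableRealtimeMonitoring. Keeping that distinction is what stops the benign kernel32.dll read, or a legitimate installer querying the Uninstall key, from being reported as malicious on its own.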

MITRE ATT&CK Enterprise v6

Tasks