
General

  • Target

    Eac_BypassV3.exe

  • Size

    8.3MB

  • Sample

    230418-xtcabade76

  • MD5

    37715eb953675cd9107f73ef6eeaa87e

  • SHA1

    96e404fbd7c2792f44656197f0c77d622e4a2872

  • SHA256

    c405f88b3ea3ed9a2b628c8419c23c3bcd45a1d875378721ccb816a73d4e75d6

  • SHA512

    c6c7eb48830ac899241093c04a85365b9c69ce22af793148f72d9db7df24264e0b79f68ed2efd31471291f7a73bfa76577e946577e2a0c15fc3760d157643b95

  • SSDEEP

    196608:UQ6Vbpb7KX/HdN16B6yYnlPzf+JiT4n3XWKsMvzBVYP3hzHK:EbYXPwBRYnlPSF3VvvzT4

Malware Config

Targets

    • Target

      Eac_BypassV3.exe

    • Size

      8.3MB

    • MD5

      37715eb953675cd9107f73ef6eeaa87e

    • SHA1

      96e404fbd7c2792f44656197f0c77d622e4a2872

    • SHA256

      c405f88b3ea3ed9a2b628c8419c23c3bcd45a1d875378721ccb816a73d4e75d6

    • SHA512

      c6c7eb48830ac899241093c04a85365b9c69ce22af793148f72d9db7df24264e0b79f68ed2efd31471291f7a73bfa76577e946577e2a0c15fc3760d157643b95

    • SSDEEP

      196608:UQ6Vbpb7KX/HdN16B6yYnlPzf+JiT4n3XWKsMvzBVYP3hzHK:EbYXPwBRYnlPSF3VvvzT4

    Score
    9/10
    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest the browser's stored profile data, which can include saved credentials, cookies and autofill entries.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external IP address.
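The "UPX packed file" signature above can be reproduced statically by walking the PE section table. The following is an added example, not tria.ge's signature logic and not code from the sample: it checks for the section names stock UPX writes (UPX0/UPX1/UPX2/UPX!) and, because modified builds rename them, also looks for UPX's characteristic shape of an empty unpacking-target section next to a high-entropy compressed section. The 7.0 bits-per-byte threshold and the `build_test_pe` helper that constructs minimal synthetic PE images are assumptions for the demonstration.

```python
import math
import random
import struct

# Section names written by stock UPX builds. Modified builds commonly rename
# them, so section entropy is used as a second, name-independent signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Yield (name, raw_bytes) for each section header of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + size_opt               # IMAGE_SECTION_HEADER[0]
    for i in range(num_sections):
        hdr = pe[first + 40 * i:first + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0")
        size_raw, ptr_raw = struct.unpack_from("<II", hdr, 16)
        yield name, pe[ptr_raw:ptr_raw + size_raw]


def upx_verdict(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Name-based match plus the empty-section/high-entropy-section shape."""
    sections = list(parse_sections(pe))
    by_name = any(name in UPX_SECTION_NAMES for name, _ in sections)
    # UPX layout: an unpacking-target section with no raw data (UPX0) next to
    # a high-entropy section holding the compressed image (UPX1). Renaming
    # the sections does not change that shape. Threshold 7.0 is an assumption.
    empty = [name for name, data in sections if not data]
    dense = [name for name, data in sections
             if len(data) >= 64 and shannon_entropy(data) > entropy_threshold]
    return {
        "upx_section_names": by_name,
        "empty_sections": empty,
        "high_entropy_sections": dense,
        "packed": by_name or (bool(empty) and bool(dense)),
    }


def build_test_pe(sections) -> bytes:
    """Construct a minimal, non-runnable PE with the given (name, payload) sections."""
    e_lfanew = 0x40
    headers_end = e_lfanew + 4 + 20 + 40 * len(sections)
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, body, offset = bytearray(), bytearray(), headers_end
    for name, payload in sections:
        ptr = offset if payload else 0
        table += name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        table += struct.pack("<IIII", len(payload) or 0x1000, 0x1000, len(payload), ptr)
        table += bytes(16)                     # relocs, line numbers, characteristics
        body += payload
        offset += len(payload)
    return bytes(dos) + b"PE\0\0" + coff + bytes(table) + bytes(body)


# Constructed inputs: deterministic pseudo-random bytes stand in for a compressed image.
_rng = random.Random(1)
COMPRESSED = bytes(_rng.getrandbits(8) for _ in range(4096))

STOCK_UPX = build_test_pe([(b"UPX0", b""), (b"UPX1", COMPRESSED), (b".rsrc", b"A" * 64)])
RENAMED_UPX = build_test_pe([(b".text", b""), (b".data", COMPRESSED)])
UNPACKED = build_test_pe([(b".text", b"\x90" * 4096), (b".data", b"A" * 128)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("unpacked", UNPACKED)):
        print(label, upx_verdict(image))
```

Run against a real sample, `upx_verdict(open(path, "rb").read())` gives the same dictionary; the entropy check is what keeps the rule useful once an operator has stripped the UPX section names, at the cost of also flagging other packers that leave the same shape.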
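The behavioural signatures in the list above (executes dropped EXE, loads dropped DLL, reads browser profile data, looks up the external IP) are each a rule over the sandbox's event stream. The following is an added example of that matching, written for this page and not tria.ge's own rule engine or the sample's code: it replays a constructed list of file, process, image-load and DNS events and reports which signature each one triggers. The event schema, the browser store paths and the list of IP lookup hostnames are assumptions (the report does not say which service the sample queried).

```python
import re
from collections import defaultdict

# Credential and profile stores the "Reads user/profile data of web browsers"
# signature is concerned with (Chromium family and Firefox). Assumed set.
BROWSER_STORES = [
    re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser|Chromium)"
               r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.IGNORECASE),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
               re.IGNORECASE),
]

# Assumed list of public "what is my IP" services; the report does not name
# the one the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
                   "checkip.amazonaws.com"}


def triage(events):
    """Map each signature name to the event values that triggered it."""
    hits = defaultdict(list)
    dropped = set()                         # PE files the sample wrote itself
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"].lower()
            if path.endswith((".exe", ".dll")):
                dropped.add(path)
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev["path"])
        elif kind == "file_read" and any(p.search(ev["path"]) for p in BROWSER_STORES):
            hits["Reads user/profile data of web browsers"].append(ev["path"])
        elif kind == "dns_query" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["host"])
    return dict(hits)


# Constructed event stream (assumed schema), not output from the real analysis.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\wbpv.exe"},
    {"type": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"type": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\out.txt"},
    {"type": "process_create", "image": r"C:\Users\Admin\AppData\Local\Temp\wbpv.exe"},
    {"type": "image_load", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "file_read", "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "path": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json"},
    {"type": "file_read", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "dns_query", "host": "api.ipify.org"},
    {"type": "dns_query", "host": "www.microsoft.com"},
]

if __name__ == "__main__":
    for signature, values in triage(SAMPLE_EVENTS).items():
        print(f"{signature}: {values}")
```

The "dropped" rules are stateful on purpose: a process start or DLL load only counts when the image was first written by the sample during the run, which is what separates a dropped payload from the system binaries every process touches.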

MITRE ATT&CK Enterprise v6

Tasks