General

  • Target

    b5bdd8131639f3d45836b78d7f7160cf3416acfdf7cc8b4a42554b7db1f2a4e8

  • Size

    1.5MB

  • Sample

    230419-b4xs4shc8v

  • MD5

    eb35b1a36918d01d91df9e13e093a20b

  • SHA1

    37e7a879cfdfdd6ec16d0c23b340997f845d994a

  • SHA256

    b5bdd8131639f3d45836b78d7f7160cf3416acfdf7cc8b4a42554b7db1f2a4e8

  • SHA512

    4991e6acbc6987a85bfdf4b733308fd966020857ed0b752cecf8b85ef45f843e4e7b42ee9c8b433f0fe7bd22175f76560d6f3416252463b5cbf25617a708c244

  • SSDEEP

    49152:VpZ+C83XRDeSg6DX9q0EmZwxOm30k//iV3wx0l:f83XheSdtPEm2xOm1nI3wa

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
