General

  • Target: 43b3e52d38e88c5bb07555ae690110d04b1d44d4d76433a3fd370e36d2850506
  • Size: 939KB
  • Sample: 230419-ekkafsgb57
  • MD5: 6ee3c0815786632c0ef14c77bf451e3e
  • SHA1: bfee233a8c22df5b8cea200b5d29b4ed956b83af
  • SHA256: 43b3e52d38e88c5bb07555ae690110d04b1d44d4d76433a3fd370e36d2850506
  • SHA512: 4599bb68d6c444c6ea499a476dabe472751d61f582db5b2354e98768734635b69ae6cd0a4bb783325eb0a5cfbe89fbe4995798e026797892f3795137915165af
  • SSDEEP: 12288:vy90oOwpQu8nuxlJ6dsUBosij8OynxICpAglzLHPyVdU5tdy7WhWcuYuOA+:vyUw788lJEs5sFxfqgtKVdU5zAsuYdH

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks