General

  • Target

    70ab90c5accfc6f53e32a8698909f75d0abc11f9e6e8b3e0ae32c5a1c74c20f2

  • Size

    827KB

  • Sample

    230419-qv874sag69

  • MD5

    5038c94c160c6e6585a5a04ec0b7d372

  • SHA1

    2b0ac4555c5fe3105ae12a821755ec0c0ac90e41

  • SHA256

    70ab90c5accfc6f53e32a8698909f75d0abc11f9e6e8b3e0ae32c5a1c74c20f2

  • SHA512

    3d10c4789635c5ddf88ddf1a7705f9e81145bb7c38bc3e7b5be967ab87534f9c49d45d48d7aa89df3795632487ce436bac41309fecdbe23d2472fc8afd34c064

  • SSDEEP

    12288:hy90xVVyfdVhMMC0tTTAjbTIeT7qge4nU139AQtjuNg8Wb+AdVCsc+hImbL2:hyY+NA37Hqge4ncvj4grksc+hlS

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before continuing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
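
The signature names above describe registry behaviour observed in the sandbox (Run-key persistence, Defender real-time protection tampering, the country-code lookup and the Uninstall-key enumeration). The block below is an added example, not tria.ge's own signature engine and not code from this sample: it runs four equivalent checks over a constructed registry API trace. The trace format, process names and paths are invented for the example; the registry locations used by each rule (the `Run` key, `Windows Defender\Real-Time Protection`, `Control Panel\International\Geo\Nation`, `CurrentVersion\Uninstall`) are well-known Windows locations, but the page does not state which keys its signatures match on, so treating them as what each signature checks is an assumption.

```python
"""Toy re-implementation of four registry-behaviour signatures over a
sandbox-style registry API trace. Added example; not tria.ge code."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegOp:
    """One registry operation as a (hypothetical) sandbox API hook would log it."""
    pid: int
    image: str
    op: str           # "set", "query" or "enum"
    key: str          # full key path
    value: str = ""   # value name ("" for key-level operations such as enum)
    data: str = ""    # data written (set) or returned (query)


# Constructed trace, modelled on API-hook output. Nothing here comes from the
# report above; the images, PIDs and data are invented.
SAMPLE_TRACE = [
    # Geo\Nation holds the configured GeoID (244 is the United States).
    RegOp(1204, r"C:\Users\user\AppData\Local\Temp\sample.exe", "query",
          r"HKCU\Control Panel\International\Geo", "Nation", "244"),
    # Enumerating Uninstall subkeys == listing installed software.
    RegOp(1204, r"C:\Users\user\AppData\Local\Temp\sample.exe", "enum",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    # Defender policy values; writing 1 turns the protection off.
    RegOp(1204, r"C:\Users\user\AppData\Local\Temp\sample.exe", "set",
          r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
          "DisableRealtimeMonitoring", "1"),
    RegOp(1204, r"C:\Users\user\AppData\Local\Temp\sample.exe", "set",
          r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
          "DisableBehaviorMonitoring", "1"),
    # Dropped second-stage binary registering itself under the user's Run key.
    RegOp(2308, r"C:\Users\user\AppData\Roaming\updater.exe", "set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
          "WindowsUpdater", r"C:\Users\user\AppData\Roaming\updater.exe"),
    # Benign noise: explorer only *reads* a Run value, and an unrelated query.
    RegOp(812, r"C:\Windows\explorer.exe", "query",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
          r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    RegOp(1204, r"C:\Users\user\AppData\Local\Temp\sample.exe", "query",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName",
          "Windows 7 Professional"),
]

# Assumed key locations for each signature (case-insensitive, hive-agnostic).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL = re.compile(r"\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}


def sig_run_key(ev: RegOp) -> bool:
    """Persistence: a value *written* (not read) under Run / RunOnce."""
    return ev.op == "set" and RUN_KEY.search(ev.key) is not None


def sig_defender_rtp(ev: RegOp) -> bool:
    """Security modification: a known Disable* value set to 1 under RTP policy."""
    return (ev.op == "set" and DEFENDER_RTP.search(ev.key) is not None
            and ev.value in DEFENDER_DISABLE_VALUES and ev.data.strip() == "1")


def sig_geo_check(ev: RegOp) -> bool:
    """Location check: reading the configured GeoID (Nation) value."""
    return (ev.op == "query" and GEO_KEY.search(ev.key) is not None
            and ev.value.lower() == "nation")


def sig_installed_software(ev: RegOp) -> bool:
    """Software enumeration: any read or enumeration under the Uninstall key."""
    return ev.op in ("enum", "query") and UNINSTALL.search(ev.key) is not None


# Signature names match the report's wording so hits read like its bullet list.
SIGNATURES = {
    "Adds Run key to start application": sig_run_key,
    "Modifies Windows Defender Real-time Protection settings": sig_defender_rtp,
    "Checks computer location settings": sig_geo_check,
    "Checks installed software on the system": sig_installed_software,
}


def detect(trace):
    """Return {signature name: [evidence strings]} for every matching event."""
    hits = {}
    for ev in trace:
        for name, pred in SIGNATURES.items():
            if pred(ev):
                where = ev.key + ("\\" + ev.value if ev.value else "")
                hits.setdefault(name, []).append(f"pid {ev.pid} {ev.image} {ev.op} {where}")
    return hits


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_TRACE).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The two benign events are there on purpose: a rule keyed only on the path of the Run key would fire on explorer.exe reading its own startup entries, so the Run-key and Defender rules require a write, and the Defender rule additionally requires a value name from the known `Disable*` set with data `1`. Reads of `Geo\Nation` and `Uninstall` are common in legitimate installers too, which is why the report labels them "likely" and leaves the weighting to the analyst.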
