General

  • Target

    4103ddb2f84c6cc5aa850a84f9096542e8a3557b1ee8a9cf12143e973f67c2e9

  • Size

    963KB

  • Sample

    230419-w3c3jacf55

  • MD5

    b950e5ca3915232df4d3a79ddb8c0a7e

  • SHA1

    b0369ac409d832ae487f1e4a9841f844111ef367

  • SHA256

    4103ddb2f84c6cc5aa850a84f9096542e8a3557b1ee8a9cf12143e973f67c2e9

  • SHA512

    7ea9283f5e045f7bc0321962068ff7a76f0afde6b9d77349eb017f8326b0c4fd65e452c42b7052ddeebea98d1dde45f3c63a7f40b3c1b8687170fa56527d6b10

  • SSDEEP

    12288:/y90wxSjpJZUG8VMjKM6pQXbQXfiFrocEzGK+JefLZpAdmpTCpOrcOc0h92N0UMB:/ynQ3uMtGor8zGvefLUdCqOgBoUMRfz

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks