General

  • Target: b843a50531f8a3318e7f92ac1b966bca1baf2fff22280d0e2d49502eb411bb29
  • Size: 920KB
  • Sample: 230420-123n1sce89
  • MD5: 54e9e5e6075e742aaf11ca8944af9b75
  • SHA1: daa83d745a6dcd75a4dd5db608ec023b20f169bd
  • SHA256: b843a50531f8a3318e7f92ac1b966bca1baf2fff22280d0e2d49502eb411bb29
  • SHA512: bfc30dfd1ad08e892fd9e3f1df9b5ff1ae7d9e9c143c11709dfe6130d6b7cc79d109d7c950159e9aa8b39e6adba726fd49868118c48abb5fc1f0340c956d2309
  • SSDEEP: 24576:My7yYP+o+jtJIvQ3ey9RKP+CazhZ0nIbZ:77yYP1+5QqZYOZ0n

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
