General

  • Target

    1925516d2fa113601bb97bc9252a65bf4f36f903fc4adec47fd5b8b0d2a0ec64

  • Size

    964KB

  • Sample

    230420-d3n6pahc7t

  • MD5

    3113d16dc5fe3b5a5b69082a114262a3

  • SHA1

    a74d9de7b37dece5b17e0a8b59b8b10d133fc42c

  • SHA256

    1925516d2fa113601bb97bc9252a65bf4f36f903fc4adec47fd5b8b0d2a0ec64

  • SHA512

    16b21d2bdfe4046fe0b2b9b42d4166a95905e4d681a27d85ae19cb8b8f74e9d8bf5b72128389f051a4993cc339b7e7a0840dc6474dcd1a0c6d77fde0f6409892

  • SSDEEP

    24576:4yYYt5LoUHyrmWbmAhbCwsWK6O/hvHFSHLKhYr:/Ys5LogAhZsfllm2h

Malware Config

Targets

    • Target

      1925516d2fa113601bb97bc9252a65bf4f36f903fc4adec47fd5b8b0d2a0ec64
    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks