
General

  • Target: be70678dda0e2b4e9a487edce5acda3bc54e43166c1409881182d95ae5a29a3d
  • Size: 1.0MB
  • Sample: 230420-kx6l4saf9t
  • MD5: 202c5799aeee7b2d9456edb21fbe2106
  • SHA1: 0c7c113f7ba33245f0a3324a93427026054d1e2b
  • SHA256: be70678dda0e2b4e9a487edce5acda3bc54e43166c1409881182d95ae5a29a3d
  • SHA512: 195dd3c36b1038ab5c39afac2f68aa0b998fff3d83e6e8dddc8cb09d08c8acf13f530e7d5b28a2ad27112ebce4f8c7ecdd6d7c842ba3c9603ebffa0529398d05
  • SSDEEP: 12288:Hy90gupQGT1ZpMuhg8ivQSODMsXL2vy6Ayi4xgKg2cD/MFUMJLovO/Ah2Zum4:HyIHBzMUg8ivXtsXyybTKg28MNoBq14

Malware Config

Targets

    • Target: be70678dda0e2b4e9a487edce5acda3bc54e43166c1409881182d95ae5a29a3d (size and hashes as listed under General above)

    • Modifies Windows Defender Real-time Protection settings
    • Checks computer location settings
      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers commonly target stored browser data, which can include saved credentials and session cookies.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Enumerates the Uninstall key entries in the registry to list the software installed on the system.
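The behaviours listed above are the kind a sandbox derives by matching the sample's API, file and registry activity against a rule set. The Python below is an added example, not code from this report or from tria.ge: it runs a small rule set of the same flavour over constructed API-trace lines in an assumed `pid|api|path` format. The trace, the API names and the registry/file paths used in the rules are assumptions chosen for the example, not activity recorded for this sample. The stateful rules show why "Executes dropped EXE" and "Loads dropped DLL" cannot be pure path matches: "dropped" only means something relative to what the sample wrote earlier in the run.

```python
import re

# Constructed API-trace lines in an assumed "pid|api|path" format. This is
# illustrative data, NOT activity recorded for the sample in the report.
SAMPLE_TRACE = r"""
1000|CreateFile:write|C:\Users\bob\AppData\Local\Temp\svc.exe
1000|CreateFile:write|C:\Users\bob\AppData\Local\Temp\helper.dll
1000|CreateProcess|C:\Users\bob\AppData\Local\Temp\svc.exe
1000|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
2000|LoadLibrary|C:\Users\bob\AppData\Local\Temp\helper.dll
2000|RegSetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
2000|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2000|CreateFile:read|C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data
2000|CreateFile:read|C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet\seed.seco
2000|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
3000|CreateFile:read|C:\Windows\System32\kernel32.dll
"""

# Stateless rules: (signature name, APIs the rule applies to, case-insensitive
# regex over the path or registry key). The key/file names are assumptions.
PATH_RULES = [
    ("Adds Run key to start application", {"RegSetValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Modifies Windows Defender Real-time Protection settings", {"RegSetValue"},
     r"\\Windows Defender\\Real-Time Protection\\"),
    ("Checks computer location settings", {"RegQueryValue"},
     r"\\Control Panel\\International\\Geo\\"),
    ("Checks installed software on the system", {"RegEnumKey", "RegQueryValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall"),
    ("Reads user/profile data of web browsers", {"CreateFile:read"},
     r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$"),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     {"CreateFile:read"},
     r"(wallet\.dat$|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore\\)"),
]
COMPILED_RULES = [(name, apis, re.compile(rx, re.IGNORECASE))
                  for name, apis, rx in PATH_RULES]


def parse_line(line):
    """Split one 'pid|api|path' record; maxsplit keeps any '|' in the path."""
    pid, api, path = line.split("|", 2)
    return int(pid), api, path


def analyze(trace):
    """Return {signature name: [matching trace lines]} for an API trace."""
    hits = {}
    dropped = set()  # lower-cased paths the sample wrote during this run
    for raw in trace.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        _pid, api, path = parse_line(raw)
        key = path.lower()

        # Stateful rules: remember every file written, then flag a later
        # execution or library load of one of those files.
        if api == "CreateFile:write":
            dropped.add(key)
            continue
        if api == "CreateProcess" and key in dropped:
            hits.setdefault("Executes dropped EXE", []).append(raw)
        if api == "LoadLibrary" and key in dropped:
            hits.setdefault("Loads dropped DLL", []).append(raw)

        # Stateless path/key rules.
        for name, apis, rx in COMPILED_RULES:
            if api in apis and rx.search(path):
                hits.setdefault(name, []).append(raw)
    return hits


def fired(trace):
    """Sorted names of the signatures that matched at least once."""
    return sorted(analyze(trace))


if __name__ == "__main__":
    for name, lines in analyze(SAMPLE_TRACE).items():
        print(name)
        for line in lines:
            print("    " + line)
```

Running it on the constructed trace fires eight of the signatures from the list above; the `kernel32.dll` read and a `CreateProcess` of a file the sample never wrote match nothing, which is the distinction a real rule set has to keep so that ordinary system activity does not light up as "dropped" files.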
