
General

  • Target

    9575ad69f2b625c40efc67b7101918c0fb35994c42b0f366b43ccf0f154e1348

  • Size

    1.0MB

  • Sample

    230420-ledn2sah4y

  • MD5

    2f59956ce2da220b6c3b23bf8797f8a0

  • SHA1

    691f0aadb1cd04355d3c1db80e23fd903db6206f

  • SHA256

    9575ad69f2b625c40efc67b7101918c0fb35994c42b0f366b43ccf0f154e1348

  • SHA512

    5160c9fb61d367e5168e217b8ab98c45f5cbd05c752cf4a6d23bfd80bc5c47e0f6850c3182c4aa727689add1a11b71ba8fc471559e96ea9f49b672a1811e8987

  • SSDEEP

    24576:GyUKXGC1Zhq6dkJGUFuko5A7lla29TU2nQp5ny8OJ7ztCLyuQkQ:VnX3EQ0GUWa3TlKnyn7zh/

Malware Config

Targets

    • Target

      9575ad69f2b625c40efc67b7101918c0fb35994c42b0f366b43ccf0f154e1348

    • Size

      1.0MB

    • MD5

      2f59956ce2da220b6c3b23bf8797f8a0

    • SHA1

      691f0aadb1cd04355d3c1db80e23fd903db6206f

    • SHA256

      9575ad69f2b625c40efc67b7101918c0fb35994c42b0f366b43ccf0f154e1348

    • SHA512

      5160c9fb61d367e5168e217b8ab98c45f5cbd05c752cf4a6d23bfd80bc5c47e0f6850c3182c4aa727689add1a11b71ba8fc471559e96ea9f49b672a1811e8987

    • SSDEEP

      24576:GyUKXGC1Zhq6dkJGUFuko5A7lla29TU2nQp5ny8OJ7ztCLyuQkQ:VnX3EQ0GUWa3TlKnyn7zh/

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check so the sample can avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill/form data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
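
The behavioural signatures above are derived from sandbox events (registry reads/writes, file access, process starts). The following is an added example, not part of this tria.ge report and not Hatching's signature engine: a small Python matcher that re-derives each listed signature from a constructed event trace. The registry keys and file paths it keys on (the Defender Real-Time Protection policy key, the Geo\Nation value, the Uninstall and Run keys, Chrome's Login Data, an Exodus wallet directory) are well-known locations chosen by this author as an approximation of what such rules look for; the event list is constructed, and the "dropped" rules show the correlation step (a file must be written before a process start or DLL load of that path counts) that the single-event rules do not.

```python
"""
Added example: minimal signature matcher over constructed sandbox events.
Not Triage's own rule logic; rules and trace are this author's approximation.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # "reg_set", "reg_read", "file_read", "file_write", "process", "load_dll"
    target: str  # registry path or file path
    value: str = ""


# Single-event rules: (signature name, event kind, pattern on the target path).
RULES = [
    ("Modifies Windows Defender Real-time Protection settings", "reg_set",
     re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable", re.I)),
    ("Adds Run key to start application", "reg_set",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("Checks computer location settings", "reg_read",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "reg_read",
     re.compile(r"\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\(Login Data|Cookies|Web Data)$|\\logins\.json$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file_read",
     re.compile(r"\\(Exodus|Electrum|Ethereum)\\.*wallet|\\wallet\.dat$", re.I)),
]


def match_signatures(events):
    """Map each triggered single-event signature to the first event that fired it."""
    hits = {}
    for ev in events:
        for name, kind, pat in RULES:
            if ev.kind == kind and name not in hits and pat.search(ev.target):
                hits[name] = ev
    return hits


def dropped_execution(events):
    """Correlate file writes with later process starts / DLL loads of the same path.

    A process start of a file the sample never wrote (e.g. cmd.exe) must not fire.
    """
    dropped = set()
    hits = {}
    for ev in events:
        path = ev.target.lower()
        if ev.kind == "file_write":
            dropped.add(path)
        elif ev.kind == "process" and path in dropped:
            hits.setdefault("Executes dropped EXE", ev)
        elif ev.kind == "load_dll" and path in dropped:
            hits.setdefault("Loads dropped DLL", ev)
    return hits


def analyze(events):
    """Return {signature name: triggering Event} for the whole trace."""
    hits = match_signatures(events)
    hits.update(dropped_execution(events))
    return hits


def example_events():
    """Constructed trace (not real Triage output) approximating the behaviours the report lists."""
    appdata = r"C:\Users\admin\AppData"
    return [
        Event("reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
        Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
        Event("reg_read", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"),  # benign
        Event("file_write", appdata + r"\Local\Temp\svc.exe"),
        Event("file_write", appdata + r"\Local\Temp\helper.dll"),
        Event("process", appdata + r"\Local\Temp\svc.exe"),
        Event("load_dll", appdata + r"\Local\Temp\helper.dll"),
        Event("process", r"C:\Windows\System32\cmd.exe"),  # not dropped, must not fire
        Event("reg_set", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "1"),
        Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", appdata + r"\Local\Temp\svc.exe"),
        Event("file_read", appdata + r"\Local\Google\Chrome\User Data\Default\Login Data"),
        Event("file_read", appdata + r"\Roaming\Exodus\exodus.wallet\seed.seco"),
    ]


if __name__ == "__main__":
    for name, ev in sorted(analyze(example_events()).items()):
        print(f"{name}\n    <- {ev.kind} {ev.target}")
```

Run the file directly to see each signature name alongside the event that fired it. Real sandbox rules are broader (alternative keys, more browsers and wallets, the `RunOnce` and `Winlogon` persistence locations), but the two-stage shape, stateless path rules plus stateful correlation for "dropped" artifacts, is the part worth reproducing when writing detections from a report like this.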

MITRE ATT&CK Enterprise v6

Tasks