General

  • Target

    7740f561cd1e74d7a1307649a17e348bfe9d15b5792a8a61fe7d3f9baa7d66c7

  • Size

    936KB

  • Sample

    230420-xfyw6adf7v

  • MD5

    8304c6d450367f9ad341aedbcf432287

  • SHA1

    35a44a5d4505b46b7386890f8bec5b05537f3fb0

  • SHA256

    7740f561cd1e74d7a1307649a17e348bfe9d15b5792a8a61fe7d3f9baa7d66c7

  • SHA512

    f85591c87c2f6d8bd17bf09b1671e7d150d3155ef6d0e9982db594e1f5f6ca6ea48049e5d2dcb01530c19430b8e5f1f6f6f8c72a5ea987baf2a149f32fb74ec2

  • SSDEEP

    24576:Hy8fF3Y+nX1VVkU9zCzE/DU0zQhiQLafsqgzwcId8hr:SulVyU9zWad8Gk7Idk

Malware Config

Targets


    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks