General

  • Target: d27b008ace891a02d344092c4025600de0c758f530516790698425c252214020
  • Size: 558KB
  • Sample: 230421-3far8aag85
  • MD5: e141e99ef50106570ef49bc98d508aa1
  • SHA1: 30e5b7ef3bbe7e773e3bba54fe638773d8cd356f
  • SHA256: d27b008ace891a02d344092c4025600de0c758f530516790698425c252214020
  • SHA512: c2cc7e1fc27de1479203465be79cbd4bb1a9909341f50315cda5e19b306e29834f67353236c2e83f9495fbdfd8b220f1a39d1997b4e0b9ab3d6ce4d3371f119a
  • SSDEEP: 12288:py90bMlCFnH8PWk12dkMgyNN1fBb0uKpccOuQcWXVygYbAs:pyCMlCF8jsdDj1pwuKp/Out77

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks