General

  • Target

    eab118ee24a739b6fe3845d472aa00c3db5e0b8a75264c303cd601e7aca43aa6

  • Size

    965KB

  • Sample

    230422-eha9rseb7t

  • MD5

    bc5ab3176d32a612dd39fd187502dc13

  • SHA1

    d106e23a45ca2865b1b778ef3f22865caf1ee5a9

  • SHA256

    eab118ee24a739b6fe3845d472aa00c3db5e0b8a75264c303cd601e7aca43aa6

  • SHA512

    9bbd0465fd5f04daeb8d3a13fd24b0664121c33087cd3ab99d559fd6b7319063ca6d034a025ef686aba06fdde4a4b6f2cacab0d0f2df1d6ab79de84ad9f99329

  • SSDEEP

    24576:7y+8XM+zA46kSKJuR/asdFAaUy/oJclYmlwO5V:u+4tEGJuR/ayUmycZ5

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
