General

  • Target

    e40b9a211cf13fbfd91ab30d364ebfe4e374225003115b25d4b285fa0dd0d98c

  • Size

    1.2MB

  • Sample

    230423-njzhesef6x

  • MD5

    189e26caca1b0ef0fc0cdd3664f9d859

  • SHA1

    81c9390ef608037daf26e3c2cb576eaba2c9d4d8

  • SHA256

    e40b9a211cf13fbfd91ab30d364ebfe4e374225003115b25d4b285fa0dd0d98c

  • SHA512

    c084ecb53b51860153a84835aef7fc7480486ddadfdc2eb5811ce5a236610ee880f0bf6024c978e46d8c23637c6aec89b0c8b76845081adab5a857b7a588ef34

  • SSDEEP

    24576:7s2EkDKc0UEpRfPvnK6fkU1iPCmGafyTAqYW82xxy0hWD5UhgLany+FRsa:kkCUqivPBaAa82xo0ha2Lnya

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
