General

  • Target

    d0e9432e0dfcdfc1462ec27f7bca82951ce7147038440e95e9d2229064e87400

  • Size

    1.2MB

  • Sample

    230423-zyfveafh67

  • MD5

    8b1a873dd91eb6af121d06a0eac840e4

  • SHA1

    1876580323022f3308229e8ab3cd3cb28e236c1a

  • SHA256

    d0e9432e0dfcdfc1462ec27f7bca82951ce7147038440e95e9d2229064e87400

  • SHA512

    eb99cfc38f0c0488cc52a8ecab17df9f466364da92e59b6f4aa0a63d06f34893eaa78d1a12915153ac1f4e3c8ad4b46891752bee487b2e7ee347b4daa9863de7

  • SSDEEP

    24576:S5KkOA2SUYO/bhsbAD3DA8iw/NZUlQltr9t9PNgpfhzybGsm3/y:sCHYI3DPTMQn3kQ3m

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and session cookies.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the Uninstall registry key to enumerate the software installed on the system.
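
The behaviour signatures above are registry-driven: a Defender policy value set, a Run key value set, a read of the configured country code, and reads of the Uninstall key. The following is an added example, not tria.ge's signature engine or anything taken from this sample, of how a triage analyst can reproduce those four checks as rules over a registry-operation trace. The registry paths and value names in the rules, and the trace itself, are assumptions and constructed data for illustration; note that Sysmon only records registry creates, deletes and value sets, so a query/read trace like this one has to come from a sandbox API log or Procmon, not from Sysmon.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class RegEvent:
    """One registry operation from a sandbox/Procmon-style trace (constructed format)."""
    op: str            # "query" (read) or "set" (value written)
    key: str           # full key path, hive abbreviated (HKLM/HKCU)
    value: str = ""    # value name, empty for key-level operations
    data: str = ""     # data as the trace renders it, e.g. "1" or "0x00000001"


@dataclass
class Rule:
    """A signature: operation type plus regexes on key path, value name and data."""
    name: str
    op: str
    key: "re.Pattern[str]"
    value: Optional["re.Pattern[str]"] = None
    data: Optional["re.Pattern[str]"] = None

    def matches(self, ev: RegEvent) -> bool:
        if ev.op != self.op or not self.key.search(ev.key):
            return False
        if self.value is not None and not self.value.fullmatch(ev.value):
            return False
        if self.data is not None and not self.data.fullmatch(ev.data):
            return False
        return True


# Rule set mirroring the four registry-based signatures in the report.
# Paths/value names are the well-known ones; treat them as assumptions, not an exhaustive list.
RULES: List[Rule] = [
    # Only a write that DISABLES a protection counts; re-enabling (data 0) must not fire.
    Rule("Modifies Windows Defender Real-time Protection settings", "set",
         re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I),
         re.compile(r"Disable(RealtimeMonitoring|BehaviorMonitoring|OnAccessProtection|IOAVProtection)", re.I),
         re.compile(r"(0x0*)?1")),
    # Any value written directly under a CurrentVersion\Run key (HKLM or HKCU).
    Rule("Adds Run key to start application", "set",
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)),
    # Country/locale lookups used for geofencing.
    Rule("Checks computer location settings", "query",
         re.compile(r"\\Control Panel\\International(\\Geo)?$", re.I),
         re.compile(r"Nation|LocaleName|sCountry", re.I)),
    # Reads of individual product entries under Uninstall (Wow6432Node variant matches too).
    Rule("Checks installed software on the system", "query",
         re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)),
]


def evaluate(events: List[RegEvent], rules: List[Rule] = RULES) -> Dict[str, List[RegEvent]]:
    """Return {signature name: [matching events]} for every rule that fired at least once."""
    hits: Dict[str, List[RegEvent]] = {}
    for ev in events:
        for rule in rules:
            if rule.matches(ev):
                hits.setdefault(rule.name, []).append(ev)
    return hits


def fired(events: List[RegEvent]) -> List[str]:
    """Sorted list of signature names that fired, convenient for a one-line verdict."""
    return sorted(evaluate(events))


# Constructed trace resembling what a stealer-style sample would produce; not from the real sample.
SAMPLE_TRACE: List[RegEvent] = [
    RegEvent("query", r"HKCU\Control Panel\International\Geo", "Nation", "244"),
    RegEvent("query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "DisplayName"),
    RegEvent("query", r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Example App", "DisplayName"),
    RegEvent("set", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "0x00000001"),
    RegEvent("set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater", r"C:\Users\Public\svc.exe"),
    # Negative cases: re-enabling Defender and merely reading the Run key should not fire anything.
    RegEvent("set", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
             "DisableRealtimeMonitoring", "0"),
    RegEvent("query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


if __name__ == "__main__":
    for name, evs in evaluate(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for ev in evs:
            print(f"      {ev.op:5} {ev.key}\\{ev.value} {ev.data}".rstrip())
```

The two negative events at the end of the trace are the check a practitioner wants: a rule keyed only on the path would flag the re-enable write and the read of the Run key, which is why the Defender rule also constrains the data and the Run rule requires a `set`.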

MITRE ATT&CK Enterprise v6

Tasks