General

  • Target

    3dd66625b334739f1055d7d7836dbdf5c49f1a13a3b9bd6f796e157d4e15bc8d

  • Size

    1.2MB

  • Sample

    230424-3x28ssfc89

  • MD5

    5cb51c7d6587204ff7b9ca6de81a4fd7

  • SHA1

    4359e17c81d4c16f5f8ecead021e85ccb2029589

  • SHA256

    3dd66625b334739f1055d7d7836dbdf5c49f1a13a3b9bd6f796e157d4e15bc8d

  • SHA512

    7394ee0900cd718219cab82eacc5e8e60deb928e792b99060595d2f62c7c3db64d5f2c0a4614965c20f20e33167546f2b29df5682a9b6bb3775cd234b7c645f4

  • SSDEEP

    24576:cCbht9y/vN4jFVkUI4Hiew2ltipvLt87VLLLVxCwaUdw578ObN/4SYrnP4uO:cCz9uyy4Hrw2lt2CxxCwbdw57fQSG

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks