General

  • Target

    e90ccdc620040e414715bcac65a4ab323f4343a3037c533d39b4ad16d8de2119

  • Size

    1.0MB

  • Sample

    230424-ajcrrsgg33

  • MD5

    4b882891752435102e43ec8d2b8c114a

  • SHA1

    6379b738b8c33dbb6b2fb0a03ee6a41a6cb35a81

  • SHA256

    e90ccdc620040e414715bcac65a4ab323f4343a3037c533d39b4ad16d8de2119

  • SHA512

    3d0619abf4e310d6d31030c6860890255e1277f589e19f959ca4a70e7daba39e8592ba05fb6b810d5dfc5b8b0066457a53dd1749196fd61ba9f2802726b11973

  • SSDEEP

    24576:acIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:2mZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Target

      e90ccdc620040e414715bcac65a4ab323f4343a3037c533d39b4ad16d8de2119
    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence (to avoid running in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
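The signatures above describe registry and file-system artifacts that can be checked on a host outside the sandbox. The following script is an added example, not tria.ge's own code: it hunts for the Defender real-time protection tampering and Run-key persistence the report flags, ties any Run-key target back to the sample's SHA256, and shows where the geofence and installed-software lookups read from. The Defender policy value names, the Geo\Nation value and the Run/Uninstall key paths are standard Windows locations; the check via Get-MpPreference is assumed to run on a Windows 10+ host with the Defender module present. Run it from an elevated PowerShell session.

```powershell
# Added example (not from tria.ge): host hunt for the behaviours listed in this report's signatures.
$IocSha256 = 'e90ccdc620040e414715bcac65a4ab323f4343a3037c533d39b4ad16d8de2119'  # sample hash from the report
$findings  = @()

# 1. "Modifies Windows Defender Real-time Protection settings":
#    policy values malware typically sets to 1 to switch real-time protection off.
$rtpPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $rtpPath) {
    $rtp = Get-ItemProperty -Path $rtpPath
    foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                      'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable') {
        if ($rtp.PSObject.Properties[$name] -and $rtp.$name -eq 1) {
            $findings += "Defender policy $name=1 under $rtpPath"
        }
    }
}
# Effective state as Defender itself reports it (assumes the Defender module is available).
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    if ((Get-MpPreference).DisableRealtimeMonitoring) {
        $findings += 'Get-MpPreference reports DisableRealtimeMonitoring=True'
    }
}

# 2. "Adds Run key to start application": list every Run entry and flag any whose
#    executable hashes to the sample.
foreach ($runKey in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $runKey)) { continue }
    foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath/PSParentPath/... metadata
        $cmd = [string]$p.Value
        # Take the quoted path if present, otherwise the first token, then expand %VARS%.
        $exe = if ($cmd -match '^"([^"]+)"') { $matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        "$runKey\$($p.Name) = $cmd"
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            if ($hash -eq $IocSha256) {
                $findings += "Run key '$($p.Name)' in $runKey launches the sample ($exe)"
            }
        }
    }
}

# 3. "Checks computer location settings": the GeoID the geofence lookup reads.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) { "Configured GeoID (Nation) = $($geo.Nation)" }

# 4. "Checks installed software on the system": the same Uninstall entries the sample enumerates.
$uninstPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$products = Get-ChildItem $uninstPath | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object DisplayName | Select-Object DisplayName, DisplayVersion
"Uninstall key lists $($products.Count) products"

if ($findings) { $findings | ForEach-Object { "FINDING: $_" } } else { 'No Defender tampering or Run-key IOC match found.' }
```

A clean host prints the Run entries, the GeoID and the product count with no FINDING lines; any FINDING line is a direct match to a behaviour in this report and warrants pulling the referenced file for triage against the hashes above.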

MITRE ATT&CK Enterprise v6

Tasks