General

  • Target

    b5851d7ab0e31067f5eb61a5a0a0ee72d514e48b1ddfb95e1f050bdda96b7422

  • Size

    1.2MB

  • Sample

    230425-fmnlbsac8x

  • MD5

    4609911c9fb29a383e8c5b687d304a4c

  • SHA1

    79b7556012b719a0a5480c5dbd1dd6e6e0abf02d

  • SHA256

    b5851d7ab0e31067f5eb61a5a0a0ee72d514e48b1ddfb95e1f050bdda96b7422

  • SHA512

    11d67db596197ee4bfe3f876a37245af4ace6260ca98524e99702df48f287b27bb1dc78e7e07b535a6a5fde78cb17297c92f5179c4c9c7954ff6020613eeaae7

  • SSDEEP

    24576:L0zwEbpelsnjkyfxpcP7kJxnSnF83PRiGBgy3rIgBQzbypT6bg6gO:L0zNUYjkCcPoJgK3ss+y4bN

Malware Config

Targets

    • Target

      b5851d7ab0e31067f5eb61a5a0a0ee72d514e48b1ddfb95e1f050bdda96b7422
    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks