
General

  • Target: eecf3a2940cd3a39865b11b98745da4b90e7c6be87c6f1b749cca1a77399bb3a
  • Size: 990KB
  • Sample: 230425-levbssbe2y
  • MD5: fea38b5a4be6ad4168ffbe554a6e5b55
  • SHA1: 62264c4f8e584deab78cbd13a56af0eb8174c9ef
  • SHA256: eecf3a2940cd3a39865b11b98745da4b90e7c6be87c6f1b749cca1a77399bb3a
  • SHA512: 93087b009e8b40d15ac8859c5dc41330419667f4818319824bec9c1e41f33fce95ed3f76d560051896202bedaa2bb6432a6a142f2a83f4c33f41f9487ed30d31
  • SSDEEP: 24576:BnUoY7pfy8Yg7Q7TsRZcKeD2Mzlnk+IY8Mlf:E7By87STskKefd5

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks