General

  • Target

    a0fb23cffb9377591fd83a8fb4a67b354a8ed34c64549cfe403b9ea3ff154f65

  • Size

    695KB

  • Sample

    230425-plkmqacb3s

  • MD5

    e27443752fa90c5f2c37cb2e4e31ce3f

  • SHA1

    842442707532f3c652d6923b013b0548302421ae

  • SHA256

    a0fb23cffb9377591fd83a8fb4a67b354a8ed34c64549cfe403b9ea3ff154f65

  • SHA512

    871804a0755b538c33d789d24b9c5e5e22f53958ef94f1f4eaa09dc7f3266f18e5151e8d4bcee47c2a9229aa81c5ae235386e578ad2734ba8a1ae0e054eef4f6

  • SSDEEP

    12288:ky90fZtWDcXhH1BNrIavVg1q1xg5V3I4kOkX3KVo0iNUm5zSkkxOON:kyvcX3BZ10q1G5IpX3n0iNd5zSkKn

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks