General

  • Target

    089032ced89e4347e381176d3d0895929015fd8df994214e5ba375a0c2b47c8b

  • Size

    1.1MB

  • Sample

    230425-x4jgdace39

  • MD5

    53fbc0b6f5d053500613eecb3d27c3b5

  • SHA1

    6261d08204d74b10be1cc12e6f9b7664cf3233d5

  • SHA256

    089032ced89e4347e381176d3d0895929015fd8df994214e5ba375a0c2b47c8b

  • SHA512

    70de16cf39b3db64679413555f2d95303db62448241416beaa7454022b6991162b7ea834b7ca9c6da2c5ddeedcfd907b4acd2b6e44521d54b6aeb7a4b22a4ddb

  • SSDEEP

    24576:ey6bQ13vrdjRG4F47Pe5YfIi2H0+AeostFPQhwQC5Q:t6bIBNFoiAytFPcwQQ

Targets

    • Target

      089032ced89e4347e381176d3d0895929015fd8df994214e5ba375a0c2b47c8b

    • Size

      1.1MB

    • MD5

      53fbc0b6f5d053500613eecb3d27c3b5

    • SHA1

      6261d08204d74b10be1cc12e6f9b7664cf3233d5

    • SHA256

      089032ced89e4347e381176d3d0895929015fd8df994214e5ba375a0c2b47c8b

    • SHA512

      70de16cf39b3db64679413555f2d95303db62448241416beaa7454022b6991162b7ea834b7ca9c6da2c5ddeedcfd907b4acd2b6e44521d54b6aeb7a4b22a4ddb

    • SSDEEP

      24576:ey6bQ13vrdjRG4F47Pe5YfIi2H0+AeostFPQhwQC5Q:t6bIBNFoiAytFPcwQQ

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets kept in the user profile.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
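The signatures above describe behaviour classes, not the exact registry values or files the sample touched. The following host-triage script is an added example and is not part of the tria.ge report or the sample's own code. It checks a Windows host for the artefact classes behind each signature: Defender real-time protection policy values, autostart Run keys, the GeoID a geofence check reads, recently registered Uninstall entries, and the default browser and wallet paths an infostealer reads. The registry paths and file locations are the standard Windows defaults for each class and are assumed here, not taken from the report; the wallet paths are illustrative examples. Run it elevated on a host you suspect of having executed the sample.

```powershell
# Added host-triage example (not from the tria.ge report). Registry and file paths are the
# standard Windows locations for each behaviour class; the report does not list the exact
# keys or values the sample touched, so treat hits as leads, not confirmation.
#Requires -RunAsAdministrator

$Findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Category, [string]$Path, [string]$Name, $Value)
    $Findings.Add([pscustomobject]@{ Category = $Category; Path = $Path; Name = $Name; Value = $Value })
}

# 1. "Modifies Windows Defender Real-time Protection settings": policy values that switch
#    real-time protection off. A value of 1 on a host you did not configure is suspicious.
$DefenderKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
)
$DefenderValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableOnAccessProtection',
                  'DisableIOAVProtection', 'DisableScanOnRealtimeEnable'
foreach ($k in $DefenderKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($v in $DefenderValues) {
        if ($null -ne $props.$v -and $props.$v -eq 1) { Add-Finding 'Defender RTP disabled' $k $v $props.$v }
    }
}
# Live Defender state, independent of what the registry says (Defender PowerShell module).
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp -and $mp.DisableRealtimeMonitoring) {
    Add-Finding 'Defender RTP disabled' 'Get-MpPreference' 'DisableRealtimeMonitoring' $true
}

# 2. "Adds Run key to start application": autostart entries whose command does not live under
#    Program Files or the Windows directory (droppers usually run from %APPDATA%, %TEMP%, %PUBLIC%).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$TrustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }
foreach ($k in $RunKeys) {
    if (-not (Test-Path $k)) { continue }
    $item = Get-Item $k
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $inTrusted = $false
        foreach ($root in $TrustedRoots) { if ($cmd -like "*$root*") { $inTrusted = $true } }
        if (-not $inTrusted) { Add-Finding 'Run key outside trusted dirs' $k $name $cmd }
    }
}

# 3. "Checks computer location settings": the GeoID value a geofence check reads. Recording it
#    tells you which side of the fence this host is on when you reproduce the sample's behaviour.
$geoPath = 'HKCU:\Control Panel\International\Geo'
$geo = Get-ItemProperty -Path $geoPath -ErrorAction SilentlyContinue
if ($geo) { Add-Finding 'Host GeoID (geofence input)' $geoPath 'Nation' $geo.Nation }

# 4. "Checks installed software on the system": the Uninstall entries the sample enumerated.
#    Anything registered in the last 7 days is worth a look; dropped components sometimes register here.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$cutoff = (Get-Date).AddDays(-7).ToString('yyyyMMdd')   # InstallDate is stored as yyyyMMdd text
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.InstallDate -and $_.InstallDate -ge $cutoff } |
    ForEach-Object { Add-Finding 'Recently registered software' $_.PSPath $_.DisplayName $_.InstallDate }

# 5. "Reads user/profile data of web browsers" and "Accesses cryptocurrency files/wallets":
#    default credential-store and wallet locations (illustrative, assumed here), with last-access
#    times to correlate against the window in which the sample ran.
$StealerTargets = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data",
    "$env:APPDATA\Mozilla\Firefox\Profiles",
    "$env:APPDATA\Exodus",
    "$env:APPDATA\Electrum\wallets"
)
foreach ($p in $StealerTargets) {
    if (Test-Path $p) { Add-Finding 'Stealer target present' $p 'LastAccessTime' (Get-Item $p).LastAccessTime }
}

$Findings | Sort-Object Category | Format-Table -AutoSize
```

The Defender check reads both the policy hive and the live `Get-MpPreference` state because a sample that only flips the registry value leaves the two disagreeing until a policy refresh, and that disagreement is itself a useful indicator. Last-access times on the browser and wallet paths are only meaningful if NTFS last-access updates are enabled on the host, so confirm that before drawing conclusions from them.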
