General

  • Target

    a2f89785b080148e1fa8116883f368f701288fb79fa4f798847c8559ab3c18c2

  • Size

    694KB

  • Sample

    230426-fckfxsha9t

  • MD5

    0bfa9d898b9cd20ac3894c846854cfbf

  • SHA1

    a36fa14d36b1bad91014dced45489d6e47c7e6ea

  • SHA256

    a2f89785b080148e1fa8116883f368f701288fb79fa4f798847c8559ab3c18c2

  • SHA512

    b198722929607b1376c5dc61bfbe515dcd24eeb2b6ea7ddc0814a7bff63b6bbe594dc1a8b203bde403d3008a0ee10ca39705a60379fd59a5a7164da11390bd22

  • SSDEEP

    12288:gy9025jtTC0VxqJoPk6U5wpFT4u1WkCAg7SdpWj6F018bwKTA+tGTOmRmR:gyxpRVxqJOkJoF/1I4O6F018bw4PIwR

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks