General

  • Target

    29c8cd2b396936d3726ccadc4d1e90e49c5a04247b4107abc5e42bdd995185bd

  • Size

    697KB

  • Sample

    230426-kkyqqsab4x

  • MD5

    3f94c978968038d050a2e2efcd669659

  • SHA1

    eb7c383666de6635708dfc5cec3231e21f3ce570

  • SHA256

    29c8cd2b396936d3726ccadc4d1e90e49c5a04247b4107abc5e42bdd995185bd

  • SHA512

    f551d938a0a5969723d44a471e2cf4c5ed118600739850654ba8796cdf446a74ddbb2ae91846788d5f76af04535264126fc7b70ae05bfb55086a4432361f8261

  • SSDEEP

    12288:Ky90RW5Q4d6MdMbQRepoNgdqAuJwRIn5N0obBHAKkhHr8Ogj3kg5Rg3QQ:KysWT5epWAueTEBgKkhL8OgjN5Rm

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
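
The signatures listed above describe host behaviour, and each one maps to something a defender can also match in endpoint telemetry. The following Python is an added example; it is not part of the tria.ge report and not the sandbox's own detection logic. It turns the page's signature names into simple rules and runs them over constructed Sysmon-like events: the events, process IDs, the `sample.exe`/`upd.exe` names and the benign control entry are made up for illustration and are not observations from this sample. The registry and file paths inside the rules are the standard locations for Defender real-time protection policy, the Run/RunOnce keys, the Uninstall key, Chromium and Firefox profile data, and the Bitcoin Core `wallet.dat`.

```python
import re

# Constructed Sysmon-like events for illustration only; NOT taken from this
# sample's tria.ge report. Paths, PIDs and file names are assumptions.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\upd.exe"

EVENTS = [
    {"type": "file_create",    "pid": 3000, "image": SAMPLE,  "target": DROPPED},
    {"type": "process_create", "pid": 4128, "image": DROPPED, "target": DROPPED},
    {"type": "reg_set", "pid": 4128, "image": DROPPED,
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"type": "reg_set", "pid": 4128, "image": DROPPED,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": DROPPED},
    {"type": "reg_query", "pid": 4128, "image": DROPPED,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName"},
    {"type": "file_read", "pid": 4128, "image": DROPPED,
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 4128, "image": DROPPED,
     "target": r"C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat"},
    # Benign control (constructed): a system process writing an unrelated key
    # must not trigger any signature.
    {"type": "reg_set", "pid": 912, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Example\LastRun", "details": "DWORD (0x00000000)"},
]

# (signature name as used on the report page, event type, path pattern)
PATH_SIGNATURES = [
    ("Modifies Windows Defender Real-time Protection settings", "reg_set",
     re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)),
    ("Adds Run key to start application", "reg_set",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("Checks installed software on the system", "reg_query",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
                r"|\\Profiles\\[^\\]+\\(logins\.json|cookies\.sqlite|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file_read",
     re.compile(r"\\(Bitcoin|Electrum|Exodus|Ethereum\\keystore)\\|\\wallet\.dat$", re.I)),
]


def match_signatures(events):
    """Return {pid: set of signature names}.

    Path-based signatures are evaluated per event. "Executes dropped EXE" needs
    correlation: a process_create whose image was the target of an earlier
    file_create. The hit is attributed to the PID of the new process.
    """
    hits = {}
    dropped = set()
    for ev in events:
        pid_hits = hits.setdefault(ev["pid"], set())
        if ev["type"] == "file_create":
            dropped.add(ev["target"].lower())
            continue
        if ev["type"] == "process_create":
            if ev["image"].lower() in dropped:
                pid_hits.add("Executes dropped EXE")
            continue
        for name, etype, pattern in PATH_SIGNATURES:
            if ev["type"] == etype and pattern.search(ev["target"]):
                pid_hits.add(name)
    return hits


if __name__ == "__main__":
    for pid, names in sorted(match_signatures(EVENTS).items()):
        print(pid, sorted(names) or "(no signatures)")
```

The rules are deliberately path-only so they can be read against the signature text; a production rule would also check the value written (for example that `DisableRealtimeMonitoring` was set to 1, not 0) and whitelist the installers and update services that legitimately touch the Run and Uninstall keys.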

MITRE ATT&CK Enterprise v6

Tasks