General

  • Target: c4fc56b32007b5f825312b644829e7f9f0598ac6d3515b1699978192d3dc0e1e
  • Size: 691KB
  • Sample: 230426-w9dbwabb72
  • MD5: b57544bb18cce7544f83a57edcbb725c
  • SHA1: f0f9af56bcf1544abdff515c6616ab6e81b9d4f0
  • SHA256: c4fc56b32007b5f825312b644829e7f9f0598ac6d3515b1699978192d3dc0e1e
  • SHA512: c83211779184e7093e269f0671097080da904d452ea6376bba6c6a261261165292b09e01ebecf8fb400c20a82fef15750b2e3a5e3da6697e803e0c06ea80cf04
  • SSDEEP: 12288:Ly90o+rVj07zIpZSeju4jnFC+Me2e7S/CANBOL46BBlw:LykYzIpUsux+32+ANslBI

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks