General

  • Target

    c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396

  • Size

    599KB

  • Sample

    230504-qfkaface85

  • MD5

    43b5c43fb2efd3cc59ffbdd497f348be

  • SHA1

    ac3dd4a7ee78ff570f3d35ebbe9e04ec53833a2e

  • SHA256

    c84a07cb25dc9affdbba7a9bd371c5e0da3d3920fd7470c9d95cbcedd9f31396

  • SHA512

    a53d0c75dbeff89fc069b4090e5a8e4da923c333a7673018a3e4869efc7764e956ad28ff4f5db3eb52147d61f2d3eba3376652e9ebd29cb204246aed6befd86b

  • SSDEEP

    12288:OMr8y90V2OFBATFiKTBooX1IfCuspKLpM1l6FMdPWw2VgkpMmbou:myi3FBKkDgafAKLpyl+Vzdbd

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks