General

  • Target: c4e4ea1533f06c4a72b89a8e0dac119979a8d19ac76ec7fb2d3b02ad7bab4fc2
  • Size: 480KB
  • Sample: 230504-xfqwjsee63
  • MD5: f1a1a2bb6fa89262286e7872cbc41a08
  • SHA1: d41e9198483e44e2fe8d0f061f2d4cdc26cec8db
  • SHA256: c4e4ea1533f06c4a72b89a8e0dac119979a8d19ac76ec7fb2d3b02ad7bab4fc2
  • SHA512: c714e731a563b856785a36e307847787a869b1e20afe89c5210a394309b3e41a50eb946a437ab9be06f40fa065c91814bb97b3e3dc5a773ed1e49d3f3e36cd87
  • SSDEEP: 12288:nMrSy90GDEftMK/soTJZ4q68cqjHT+Tsb:5yxg1MK/so1Z4j8Nz+Tw

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
