General

  • Target

    55f1c66cfa900be226d0aee1957ef97e1903310261e7fc0fd6ac27ad50d8b2b8

  • Size

    376KB

  • Sample

    230505-ngys4shg44

  • MD5

    72fa24b66da00046ed67180d84d425f9

  • SHA1

    757a4223af221f3df69dd4ab4915af2d93e81390

  • SHA256

    55f1c66cfa900be226d0aee1957ef97e1903310261e7fc0fd6ac27ad50d8b2b8

  • SHA512

    f52a9900fba6424f3eaff2ef74f298d8c39e7a60544a4be2e27492062baf42b41330e7baf7320c0a71839dfde14a6b901f0171698400b330abddb29d110c13d8

  • SSDEEP

    6144:KTy+bnr+vp0yN90QEQ2GhyIxsS29hDcldlTO8HwdadEfuxr5blACD:lMr7y90MsSKVcldFOfdAEfS1blfD

Malware Config

Targets

    • Target

      55f1c66cfa900be226d0aee1957ef97e1903310261e7fc0fd6ac27ad50d8b2b8

    • Size

      376KB

    • MD5

      72fa24b66da00046ed67180d84d425f9

    • SHA1

      757a4223af221f3df69dd4ab4915af2d93e81390

    • SHA256

      55f1c66cfa900be226d0aee1957ef97e1903310261e7fc0fd6ac27ad50d8b2b8

    • SHA512

      f52a9900fba6424f3eaff2ef74f298d8c39e7a60544a4be2e27492062baf42b41330e7baf7320c0a71839dfde14a6b901f0171698400b330abddb29d110c13d8

    • SSDEEP

      6144:KTy+bnr+vp0yN90QEQ2GhyIxsS29hDcldlTO8HwdadEfuxr5blACD:lMr7y90MsSKVcldFOfdAEfS1blfD

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks