Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fd08be7bfc5351e0adb51643e96c9ba3.exe

  • Size

    480KB

  • Sample

    230505-xn7t2ahg7y

  • MD5

    fd08be7bfc5351e0adb51643e96c9ba3

  • SHA1

    bf9960400999e949cee0c620e6a6211fc664d0f3

  • SHA256

    fcf08da4f99acde5a1ecc10428a12f1317ffe341f75209d46dbf187f969b1d70

  • SHA512

    1c7a16ac949a7e8bced5355aa77634b2682e48dcf38981b2b13605275f9218864997121ced734ef97eb28d2709815a74c4118fbcb25bd51bc2e9a7f49f9ec834

  • SSDEEP

    12288:hMrKy90vJV/y47qd+ZeJaI1rkkVPva2F7okq/A:PyAX64reJLV3a2RoY

Malware Config

Targets

    • Target

      fd08be7bfc5351e0adb51643e96c9ba3.exe

    • Size

      480KB

    • MD5

      fd08be7bfc5351e0adb51643e96c9ba3

    • SHA1

      bf9960400999e949cee0c620e6a6211fc664d0f3

    • SHA256

      fcf08da4f99acde5a1ecc10428a12f1317ffe341f75209d46dbf187f969b1d70

    • SHA512

      1c7a16ac949a7e8bced5355aa77634b2682e48dcf38981b2b13605275f9218864997121ced734ef97eb28d2709815a74c4118fbcb25bd51bc2e9a7f49f9ec834

    • SSDEEP

      12288:hMrKy90vJV/y47qd+ZeJaI1rkkVPva2F7okq/A:PyAX64reJLV3a2RoY

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks