Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e4ecd863533e7d5d7688ebffbae767fe.bin

  • Size

    14.8MB

  • Sample

    230505-yynpksbh72

  • MD5

    e4ecd863533e7d5d7688ebffbae767fe

  • SHA1

    0a79da12db75bd60070da8920f297934647df44d

  • SHA256

    f84552b9c320ad7171ca1b0f77f9943eaa7a40c7f41cafa3e489869800f1d90d

  • SHA512

    29057c209173ff005f59febf596eb79300d5adfca2de171247c171c2deb2f3c14c60c801b69ad4d6fd754031d67652535aaba493dd907a3410ff082f75c12ccf

  • SSDEEP

    393216:jGkA4MMqSt55WtAKZvBkGLXILnT2N1ZUDIJl:rHMMqu5gpy+YLnTwDJl

Malware Config

Targets

    • Target

      arqui64937026476Cliente,Ref70645183bc53734.msi

    • Size

      15.5MB

    • MD5

      ad7cb6cd4ed39265dab644c4f17856fc

    • SHA1

      1465b3e3990a3c321cbfe5c7a8154a9e8dd82de3

    • SHA256

      e22a215c263b61d1b4ae976b9ec89e2f1581b32a2eaf94287cfd5420241918ec

    • SHA512

      85689328f5d5b2613b7c87b5c54c1d83c5583d02f618b6e5df1c65ed874d17c38989b1193f2a58fe10f359869b850c3650f4a0af313388e2e78135bddedf81cb

    • SSDEEP

      393216:ScpHAghg3UBtEXKGZVHkcR3E3tne/RxqLQJ:SIAgW3UBaJisU3tnInJ

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks