General

  • Target: dccb8f7c69c11a9cea9ef677a731485011c8cceea215dce6398eca4cbf9aa272
  • Size: 479KB
  • Sample: 230506-a8c4tshe6s
  • MD5: f51379345890bdf62c00cf7768cf8fe4
  • SHA1: fea0b0e106b2ebe6a0125ab83b64a2ebce516525
  • SHA256: dccb8f7c69c11a9cea9ef677a731485011c8cceea215dce6398eca4cbf9aa272
  • SHA512: 6e3a19a5f34db95282032bcc603c1281d94fd8a1603097e275ab71cf8a7dbe06c3f8f4e96ef9534282fbf97115f56b5d039717e43d8c1bf5aeb15cfb6b018c09
  • SSDEEP: 12288:ZMrey90PMaWwKxuSFMlFGmC2RQbRyV+gdvV+LBbqe8:7yaMBwcuSF+42m0V+sVkBOe8

Targets

    • Modifies Windows Defender Real-time Protection settings
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
