Resubmissions

08/05/2023, 15:21

230508-srd9nsbd23 3

08/05/2023, 15:12

230508-slmc4abc64 8

General

  • Target

    launcherfull-shiginima-v4400-pc.zip

  • Size

    4.8MB

  • Sample

    230508-slmc4abc64

  • MD5

    7e90d8cf11b36e8d8ddfd24b787e1216

  • SHA1

    ef3ced3c98a306598e869a3b8020ab99d552e6b2

  • SHA256

    3bc1e207766bcff7b7328c5d336ec8e9211485cfd05242a0ff79e1a8ef49b1fb

  • SHA512

    0de23d403ffafc55581fc885bb1cc592d52fbd02d84e6ecb81cc0cace83da42e3927e40638214a506e445e1d3a66444fbc1c239b695b1e6eeb1ca9f2c8d1a72c

  • SSDEEP

    98304:rHGwng2vWbuRE18PjjbLaP3sD5itHHHP6pgwIF4agdyYA8Cn7LYJcj:L7nl+cm8aP3rHn9wU4agNCnwWj

Malware Config

Targets

    • Target

      launcherfull-shiginima-v4400.exe

    • Size

      5.4MB

    • MD5

      c3db052da531710367faf5e011475715

    • SHA1

      46f599e4e1ece582006739debe0a522925a9cd13

    • SHA256

      7c6220b046553f9c95b8098ff83bfc6b7828093650becbc1b44e3d7819d7efd1

    • SHA512

      67bfb67b36dab91e37b1ada7fbd688dc39cf19c337e3938d1f7e4f47173b7dc9d0b93dc035d6511ce65b8fe44384bb9cffa9953e97c6fffadb29fd561eec7feb

    • SSDEEP

      98304:qpTJ89MMbcZsgsDlilods/txVGHTJKsTnEFnAzvDfBzXEYNsJ5Ono:aTm9MMbcFililB0HdRTnEFnAzlEQsJ5H

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
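
The behaviours above are sandbox signature names; the report does not print the registry keys or file paths that triggered them. The script below is an added example, not tria.ge output and not code from the sample, showing how a triage script can score exported registry/file events (the process|operation|target shape a Procmon or Sysmon export gives you) against the same behaviours. The event lines, the `dropped.exe` process name and the all-zero CLSID are constructed placeholders, and the paths each rule keys on (the Geo\Nation value, the Uninstall key, Run keys, CLSID InprocServer32/LocalServer32 entries, \\.\PhysicalDrive0, browser credential stores) are assumptions about what such signatures typically match, not values taken from this report.

```python
"""Score constructed registry/file events against the behaviours in the report.

Event format: process|operation|target. The lines below are made up for this
example; they are not tria.ge output and do not come from the analysed sample.
"""
import re

# Constructed events. 'dropped.exe' stands in for the second-stage binary the
# report says is executed; the CLSID and user paths are placeholders.
SAMPLE_EVENTS = [
    r"launcherfull-shiginima-v4400.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"launcherfull-shiginima-v4400.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    "launcherfull-shiginima-v4400.exe|CreateFile|D:\\",
    r"dropped.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"dropped.exe|RegSetValue|HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\(Default)",
    r"dropped.exe|CreateFile|\\.\PhysicalDrive0",
    r"dropped.exe|ReadFile|C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"explorer.exe|RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
]

# Each rule: report behaviour -> (operations it applies to, regex over the target).
# The keys and paths are the ones such sandbox signatures commonly key on; they are
# assumptions here, since the report does not show the exact values it matched.
RULES = {
    "Checks computer location settings": (
        {"RegQueryValue"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Checks installed software on the system": (
        {"RegEnumKey", "RegQueryValue"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "Enumerates connected drives": (
        {"CreateFile", "QueryDirectory"},
        re.compile(r"^[A-BD-Z]:\\$", re.I),  # root of any drive other than C:
    ),
    "Adds Run key to start application": (
        {"RegSetValue"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
    "Registers COM server for autorun": (
        {"RegSetValue"},
        re.compile(r"\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)", re.I),
    ),
    "Writes to the Master Boot Record (MBR)": (
        {"CreateFile", "WriteFile"},
        re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I),  # raw disk handle
    ),
    "Reads user/profile data of web browsers": (
        {"ReadFile", "CreateFile"},
        re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite)$", re.I),
    ),
}


def parse_event(line):
    """Split 'process|operation|target'; targets may themselves contain '|'."""
    parts = line.split("|", 2)
    return tuple(parts) if len(parts) == 3 else None


def triage(events):
    """Return {behaviour: [matching event lines]} for every rule that fired."""
    hits = {}
    for line in events:
        parsed = parse_event(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole run
        _, op, target = parsed
        for name, (ops, pattern) in RULES.items():
            if op in ops and pattern.search(target):
                hits.setdefault(name, []).append(line)
    return hits


def processes_for(hits):
    """Map each behaviour to the processes that produced it, so you can tell
    whether it sits in the submitted launcher or in the dropped second stage."""
    return {name: sorted({line.split("|", 1)[0] for line in lines})
            for name, lines in hits.items()}


if __name__ == "__main__":
    for name, procs in processes_for(triage(SAMPLE_EVENTS)).items():
        print(f"{name}: {', '.join(procs)}")
```

Run against a real export, the useful signal is in `processes_for`: behaviours attributed to the dropped binary rather than the submitted launcher tell you which file to pivot on next. The `explorer.exe` line is there as a negative control; it touches CurrentVersion but none of the rule paths and must not fire.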

MITRE ATT&CK Enterprise v6

Tasks