Resubmissions

12/05/2023, 22:52

230512-2tm42aha2v 8

General

  • Target: EAappInstaller.exe
  • Size: 2.4MB
  • Sample: 230512-2tm42aha2v
  • MD5: f1110a1901aaedae7e072440d8b49e18
  • SHA1: ebc8448a611d3dcd7ba79fb5441eae1dfd09d409
  • SHA256: c68acde54d602e9acf20b3e5148e6b0d933a2353201337a0b97828ab1b7de340
  • SHA512: d67f2350684e044131cb370722750eaad8acba047f550c5c738daf279cc93e53b7e55a6af5829e4bd1e26cb7039a0b9600d45f5f14e42860bc7f367b39546be1
  • SSDEEP: 49152:vT2pZ1kX9GzOcAxgjXE5AcjPqVA9RF2qs/4:vT0cXYKPxY05AcjPhRF274

Malware Config

Targets

    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Checks whether UAC is enabled
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks