General

  • Target

    FileZilla_3.34.0_win64-setup_bundled.exe.7z

  • Size

    8.5MB

  • Sample

    230517-wk6xwsga58

  • MD5

    044eb39dea066c310e29fbd0baab32bb

  • SHA1

    e2cf4244ca03027b28cf88e7d1661faaf93999be

  • SHA256

    00490e7012d6bde58cab3917eb99311998aca96d0e20ad7c59d7b105bbf0d7dc

  • SHA512

    337f23bb3c7bf36a46389aa7d6c2481dcc245a2ae37919344cfe3cca0f6fb04d602eb0646cf448964696042ab4643e10ff2ef4203de69ec04e3b9643fb0eac7c

  • SSDEEP

    196608:+t12KEnaAGIHKlV89TjYFxIB/lY4v4eP/3f7CdyLy7OV/83Z4ctGZXU:QwZHFC81jYF2B/lP4sPf7CAu7OVU3ycu

Malware Config

Targets

    • Target

      FileZilla_3.34.0_win64-setup_bundled.exe

    • Size

      8.5MB

    • MD5

      5bed324d68ab49f86590bcfb1b1ba69d

    • SHA1

      7f356de06621b96795efe03be0569cf0475baa74

    • SHA256

      3129fd5421c1a71c0673f4cae5349b4a98d4e93da9c41ace1bcacdc9ebf9c0ff

    • SHA512

      a45473a16f271755fe53110108d6ac67c5f22a07c9e74e15344ed6926c1cf83131d975ff90d46d68b407dc16a396f48411cc077cb7ab57bf3589c7cfcb9f959e

    • SSDEEP

      196608:4XBTE6e9APaebTAQ/KTKQCtSIetELdlvWDmhd7zFgq9fTJ6ih:4XBTEX95cT1/EStcGnvWYFg+Ph

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks