General

  • Target

    ant.exe

  • Size

    69.1MB

  • Sample

    230520-rtfd3scg37

  • MD5

    c810638c5cf0160ce895b92a367c3cba

  • SHA1

    7120957143b3e0bab98a926fe7025167f2e057a2

  • SHA256

    ee8021a0ed837e2ff4f302bd75a537fac58a3c8fcef858aed8dc2d9abd2addc8

  • SHA512

    b940df085494264650b9d7d1e7b98cd0aea7c8412c8879bdd43f02da29fa2205da5ea4268c65aead749aadc50016342698d52aef8ead30940e47a369dc260997

  • SSDEEP

    1572864:XjddGvDfvlA7QSq5iJBthhAQaRAVvhHUzqkbeIq6o3LuduCym0L6:TGvDfvO7/q5iHzmQ++Z8qkbeIqz3Lu6O

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks