General

  • Target

    17652d33f21e1d3b977e02389d90e796e3b3e0fce1e910f2e9a8fb14b4548ed1

  • Size

    329KB

  • Sample

    230529-3lmc7sea33

  • MD5

    494d6a9bb196ae12207d45fa05c9e475

  • SHA1

    c538151d186f2e0ff4034dcc7f66a10587d1729f

  • SHA256

    17652d33f21e1d3b977e02389d90e796e3b3e0fce1e910f2e9a8fb14b4548ed1

  • SHA512

    35dc37e7378a3adc8ae7723bbd218afda2ffa61fb0688b6f33009869b7356912db347ac69f1e07fe577e9ebacb4b3ae8510f1a36641736d2c65141d8e9d3b4f1

  • SSDEEP

    3072:znmYhJSd+BNNJXWBOAjKATP66ltkcE3aBpREmNrCJBEtcjt/ajAu1uCNgOXU4fdS:Tmsc+vAj7P66lqcBpREm9+BK8u1uEg

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.