General

  • Target

    Avast Cleanup Premium.exe

  • Size

    78.0MB

  • Sample

    230627-et7gcada44

  • MD5

    0384071f9689dd73ab62e01ea41d10c3

  • SHA1

    0543f15b99f606b8f5d01f5b80cdec9d8b7a1a13

  • SHA256

    e1c2d482dbaf5814baa67c3ee21f62516b573676a90057c9f6544c7f887b33c9

  • SHA512

    01dd6d1efca9362759e65e666cf92294dcedada5edc1e7dc9458811c9ac1953ffd4ca98fb8c96aa7770533ac168c603c337f17ee430af6557b6cc0a4486f31c3

  • SSDEEP

    1572864:g/5BlBjXG7qJomGLGH+RXY3TRyU1lRs29Qq2AEs:AlB2GJodGuY3TDyq2AEs

Malware Config

Targets

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks