General

  • Target

    25c0a17378ed06exeexeexeex.exe

  • Size

    204KB

  • Sample

    230706-n5v25abh9t

  • MD5

    25c0a17378ed06242717e69b42b51b8d

  • SHA1

    2592ea2f28efe478ac042edf2c0a8739941054f8

  • SHA256

    e8f779aa8691150666aebdc3bd4b57b0dcdf43ab76ddb3d3d673cd3889019088

  • SHA512

    f6ab5df57fa1de2d7fdf1420aced07b4441e4208035ef112b97dd16b7c367b176f61c13115a20eefb8eacfb27990d4384488992c203f6bbc677a3429676fea6b

  • SSDEEP

    3072:6ho1jshIqjLdyQb1HIRe39gmpB0JI43GrforUZ9HtSAVX8iqOTwLWe:6ho1fQpB3rpBOhW8rUZ9NhXAO2n

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory
