Resubmissions

09/07/2023, 06:13

230709-gyq19sbf6v 8

01/02/2023, 12:47

230201-p1fmbafb3x 8

General

  • Target

    Your File Is Ready To Download.exe

  • Size

    1.6MB

  • Sample

    230709-gyq19sbf6v

  • MD5

    0cc5612e909e1df2c53ae56ad258bb21

  • SHA1

    f134a96132867224b2e0a0a06a6e21714de859d7

  • SHA256

    87c79d29737dca30e36aac1c90ac3eab82f71393b815a9d7c086565e257fd434

  • SHA512

    97d9c4fd420ac08ed5e21d48810e78dc13375141aa1f072fbe33fd6b2caf19f576aa99953ec0ea0f10104561a137a118ce615a1e0949ff41e2d071cffa23de1b

  • SSDEEP

    24576:14nXubIQGyxbPV0db26yZm6lubtQo+8YzqNAh3XBQ0FPcQsY8Nl85Xab6s5vT:1qe3f6h6lut9+QAPcTYy2W7

Malware Config

Targets

    • Target

      Your File Is Ready To Download.exe

    • Modifies AppInit DLL entries

      Writes the AppInit_DLLs/LoadAppInit_DLLs values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, which makes every process that loads user32.dll also load the listed DLLs (code injection and persistence).

    • Checks computer location settings

      Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely as a geofence that decides whether the payload runs in this region.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile data such as saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
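
The signatures above name behaviours, not the logic that spots them. As an added example (not tria.ge code and not derived from this sample), the Python below maps lines of a sandbox-style API trace to the signature names used in this report. The trace line format, the constructed sample lines, the browser file names and the list of IP-lookup hostnames are assumptions; the registry locations for AppInit_DLLs and Geo\Nation are the real Windows paths.

```python
"""Added example: map sandbox-style API trace lines to the signature names
used in this report. Trace format, sample lines and the IP-lookup host list
are assumptions; the registry paths are the real Windows locations."""
import re
from typing import Dict, Iterable, List, Optional

# AppInit_DLLs: every process that loads user32.dll also loads the listed DLLs.
# Both the native and the WOW64 (32-bit on 64-bit) views of the key.
APPINIT_KEYS = {
    r"hklm\software\microsoft\windows nt\currentversion\windows",
    r"hklm\software\wow6432node\microsoft\windows nt\currentversion\windows",
}
APPINIT_VALUES = {"appinit_dlls", "loadappinit_dlls", "requiresignedappinit_dlls"}

# Country code of the user's configured region (the "geofence" lookup).
GEO_KEY = r"hkcu\control panel\international\geo"
GEO_VALUE = "nation"

# Browser profile directories and the credential/cookie files inside them.
BROWSER_DIRS = (r"\google\chrome\user data", r"\microsoft\edge\user data",
                r"\mozilla\firefox\profiles")
BROWSER_FILES = {"login data", "cookies", "web data", "logins.json", "key4.db"}

# Public "what is my IP" services (assumption: illustrative, not from the report).
IP_LOOKUP_HOSTS = ("api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me")

_FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> Dict[str, str]:
    """Parse a constructed trace line of the form `<API> k="v" k2="v2" ...`."""
    api, _, rest = line.strip().partition(" ")
    fields = {k.lower(): v for k, v in _FIELD.findall(rest)}
    fields["api"] = api
    return fields


def classify(ev: Dict[str, str], dropped: set) -> Optional[str]:
    """Return the report signature an event matches, or None.
    `dropped` is the set of file paths written so far (for "Executes dropped EXE")."""
    api, key = ev["api"], ev.get("key", "").lower()
    value, path = ev.get("value", "").lower(), ev.get("path", "").lower()
    if api.startswith("RegSetValue") and key in APPINIT_KEYS and value in APPINIT_VALUES:
        return "Modifies AppInit DLL entries"
    if api.startswith("RegQueryValue") and key == GEO_KEY and value == GEO_VALUE:
        return "Checks computer location settings"
    if api in ("NtWriteFile", "WriteFile"):
        dropped.add(path)  # remember what was written; not a hit by itself
        return None
    if api in ("CreateProcessW", "ShellExecuteExW") and ev.get("image", "").lower() in dropped:
        return "Executes dropped EXE"
    if api in ("NtCreateFile", "CreateFileW") and any(d in path for d in BROWSER_DIRS) \
            and path.rsplit("\\", 1)[-1] in BROWSER_FILES:
        return "Reads user/profile data of web browsers"
    if api in ("InternetOpenUrlW", "WinHttpConnect", "HttpOpenRequestW"):
        target = ev.get("url", ev.get("host", "")).lower()
        if any(h in target for h in IP_LOOKUP_HOSTS):
            return "Looks up external IP address via web service"
    return None


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Group matching trace lines under their signature name."""
    hits: Dict[str, List[str]] = {}
    dropped: set = set()
    for line in lines:
        if not line.strip():
            continue
        sig = classify(parse_event(line), dropped)
        if sig:
            hits.setdefault(sig, []).append(line.strip())
    return hits


# Constructed trace (not from the sandbox run); the last two lines are benign noise.
SAMPLE_TRACE = r"""
RegSetValueExW key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" value="AppInit_DLLs" data="C:\ProgramData\hook.dll"
RegSetValueExW key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" value="LoadAppInit_DLLs" data="1"
RegQueryValueExW key="HKCU\Control Panel\International\Geo" value="Nation"
NtWriteFile path="C:\Users\user\AppData\Local\Temp\stage2.exe"
CreateProcessW image="C:\Users\user\AppData\Local\Temp\stage2.exe"
NtCreateFile path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"
NtCreateFile path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2.default\logins.json"
InternetOpenUrlW url="https://api.ipify.org/?format=text"
RegSetValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value="Updater" data="C:\Users\user\a.exe"
NtCreateFile path="C:\Users\user\Documents\notes.txt"
""".strip().splitlines()

if __name__ == "__main__":
    for sig, matched in triage(SAMPLE_TRACE).items():
        print(f"[{sig}]")
        for entry in matched:
            print("   ", entry)
```

Matching on the exact key and value name (rather than a substring like "AppInit") avoids firing on unrelated keys, and the "Executes dropped EXE" rule is deliberately stateful: a process start only counts when the image path was written earlier in the same trace.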

MITRE ATT&CK Enterprise v6

Tasks