General

  • Target

    70fc1cb8040d8c_JC.exe

  • Size

    329KB

  • Sample

    230716-qcvl1afh41

  • MD5

    70fc1cb8040d8cf805935315c7748542

  • SHA1

    c266c308eac95687553a3577fee1438714681535

  • SHA256

    84723ebfd4d98baaf0cd21ebd0fc695734ea99ecd946d9ba334199de65d0221a

  • SHA512

    5e0ced633bf82472886b8c5fa15701a5d1cddeb262a10d44930955e0cf6da7e720323bb7e2ea73150e186e30dce8d7066c34f32fa8761c86440725718c140414

  • SSDEEP

    6144:jVBjI4zHp2b1I1NXp3AdoIFr52mmWGZNBS5qldVbNb5vx+FF95ri1HswCDXNrGV9:7IQ0b1IX90oIFr52mC3S5q5to5W1HAjk

Malware Config

Targets

    • Target

      70fc1cb8040d8c_JC.exe

    • Size

      329KB

    • MD5

      70fc1cb8040d8cf805935315c7748542

    • SHA1

      c266c308eac95687553a3577fee1438714681535

    • SHA256

      84723ebfd4d98baaf0cd21ebd0fc695734ea99ecd946d9ba334199de65d0221a

    • SHA512

      5e0ced633bf82472886b8c5fa15701a5d1cddeb262a10d44930955e0cf6da7e720323bb7e2ea73150e186e30dce8d7066c34f32fa8761c86440725718c140414

    • SSDEEP

      6144:jVBjI4zHp2b1I1NXp3AdoIFr52mmWGZNBS5qldVbNb5vx+FF95ri1HswCDXNrGV9:7IQ0b1IX90oIFr52mC3S5q5to5W1HAjk

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check that alters behaviour by victim locale.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other session material.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks