General

  • Target

    PO.exe

  • Size

    91KB

  • Sample

    230721-h54flsdb7t

  • MD5

    828b4459d99914465eada4bbad18831a

  • SHA1

    b185cec5356aff06f17b0aa89c03feb7f53d1213

  • SHA256

    53fe49ca446d7a64bca8c7e40ceee6254302f0601478a8039a14296d20aafc6a

  • SHA512

    9b9c97d6f8a31e5bf336fcaf28d3c310b66bf36f05360a6acb32cdf4ee0898f1f61c8c200ec2b37d83c2ccc9459cfad6aa8629ec9f54455d688bd6c8e3559cba

  • SSDEEP

    1536:/fGHc4Qsw0vSw39fwzrNfv8zSAJa1jFbQZJ4iL8R9Pkqd60o4I:/6LbNfclEzluhIL4kqH4

Malware Config

Targets

    • Target

      PO.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence so the payload only runs (or only does its real work) on machines in targeted regions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store profile and account data on disk, which infostealers routinely harvest.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Outlook profile and account data is stored in the registry under the user's Office hive (HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles), another common infostealer target.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the program is launched again at logon; a standard persistence technique.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state and is typically used to redirect the entry point of a suspended process, as in process hollowing and other code-injection techniques.
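
The signature list above is the evidence a reviewer weighs to call a sample an infostealer. The following is an added example, not code from tria.ge or from the sample, that replays that reasoning as detection rules over constructed host events: each rule maps to one signature name from this report, matches on the standard on-disk or registry locations of the named programs, and ignores an application reading its own data. The event shape (`kind`, `pid`, `image`, `path`, `data`) and the sample events are assumptions made for the example, not Triage's or Sysmon's schema.

```python
"""Added example (not part of the tria.ge report): score processes against
the behaviour categories listed in the report's signature list.

Event shape (kind/pid/image/path/data) is an assumption for this example.
"""
from collections import defaultdict

# (signature name from the report, event kind, lowercase path fragments,
#  image basenames that legitimately touch those paths and are ignored)
RULES = [
    ("Checks computer location settings", "reg_query",
     ["\\control panel\\international\\geo\\nation"], ()),
    ("Reads data files stored by FTP clients", "file_read",
     ["\\filezilla\\sitemanager.xml", "\\filezilla\\recentservers.xml"],
     ("filezilla.exe",)),
    ("Reads user/profile data of local email clients", "file_read",
     ["\\thunderbird\\profiles.ini", "\\thunderbird\\profiles\\"],
     ("thunderbird.exe",)),
    ("Reads user/profile data of web browsers", "file_read",
     ["\\chrome\\user data\\", "\\firefox\\profiles\\"],
     ("chrome.exe", "firefox.exe", "msedge.exe")),
    ("Accesses Microsoft Outlook profiles", "reg_query",
     ["\\outlook\\profiles"], ("outlook.exe",)),
    ("Adds Run key to start application", "reg_set",
     ["\\currentversion\\run\\"], ()),
]

COLLECTION = {name for name, _, _, _ in RULES[:5]}
PERSISTENCE = {"Adds Run key to start application"}

# Constructed events: pid 1234 behaves like the sample, 5678 is Firefox
# reading its own logins, 9012 is an installer that only sets a Run key.
SAMPLE_EVENTS = [
    {"pid": 1234, "image": "C:\\Users\\user\\Desktop\\PO.exe", "kind": "reg_query",
     "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"pid": 1234, "image": "C:\\Users\\user\\Desktop\\PO.exe", "kind": "file_read",
     "path": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"},
    {"pid": 1234, "image": "C:\\Users\\user\\Desktop\\PO.exe", "kind": "file_read",
     "path": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\profiles.ini"},
    {"pid": 1234, "image": "C:\\Users\\user\\Desktop\\PO.exe", "kind": "file_read",
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 1234, "image": "C:\\Users\\user\\Desktop\\PO.exe", "kind": "reg_query",
     "path": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"},
    {"pid": 1234, "image": "C:\\Users\\user\\Desktop\\PO.exe", "kind": "reg_set",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\PO",
     "data": "C:\\Users\\user\\AppData\\Roaming\\PO.exe"},
    {"pid": 5678, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "kind": "file_read",
     "path": "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default-release\\logins.json"},
    {"pid": 9012, "image": "C:\\Users\\user\\Downloads\\setup.exe", "kind": "reg_set",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "data": "C:\\Program Files\\Vendor\\updater.exe"},
]


def _basename(image):
    """Lowercase file name of an image path, tolerating either separator."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_signatures(events):
    """Return {pid: sorted signature names} for every pid that hit a rule."""
    hits = defaultdict(set)
    for ev in events:
        path = ev.get("path", "").lower()
        owner = _basename(ev.get("image", ""))
        for name, kind, fragments, legit_owners in RULES:
            if ev["kind"] != kind or owner in legit_owners:
                continue  # wrong event type, or the app reading its own data
            if any(frag in path for frag in fragments):
                hits[ev["pid"]].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


def triage_verdict(names):
    """Several distinct harvesting categories, or harvesting plus persistence,
    is infostealer-like; a lone hit (e.g. just a Run key) is inconclusive."""
    collect = len(COLLECTION.intersection(names))
    persist = bool(PERSISTENCE.intersection(names))
    if collect >= 2 or (collect >= 1 and persist):
        return "infostealer-like"
    return "inconclusive" if names else "clean"


if __name__ == "__main__":
    for pid, names in match_signatures(SAMPLE_EVENTS).items():
        print(pid, triage_verdict(names), names)
```

The owner exclusion is the part worth keeping when adapting this: browser and mail clients read their own credential stores constantly, so path matching alone is noise unless the accessing image is taken into account, which is also why a single signature such as "Adds Run key" is not treated as a verdict on its own.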

MITRE ATT&CK Enterprise v15

Tasks