General

  • Target

    Nitro Giveaway.exe

  • Size

    4.5MB

  • Sample

    230723-3leclahf3s

  • MD5

    ac1c1e0f6655f7e96cc0462892b3ed6d

  • SHA1

    115c61abbfab4adad6cd9ac43f9c3cd843419371

  • SHA256

    82a1371c11aec9e8090bb454b1e82325600f090c281f9035478f39ed2c5e1f98

  • SHA512

    0ed002fc47d48775880fe429ca17f8c8afda85d9baee826470ddf4be276071cfbc39cb2801c6c114a2121adbbfe98385a4f78dc5b083d3ee8fd81619132fdf89

  • SSDEEP

    98304:TQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:KzUcwti7TQlF3ZxxWJSUnDv

Score
10/10

Targets

    • Target

      Nitro Giveaway.exe

    Score
    9/10
    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
