Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    main.exe

  • Size

    82.5MB

  • Sample

    230724-cg2zzshe67

  • MD5

    1e6f75bc5ed093e5c87a8abc9792afa1

  • SHA1

    038a9b3e253a383a1de435b410a1cd2c5037631f

  • SHA256

    19774a82c2c0a4d872e60a3fa062c3e44cf4e9f3504e0501112f58437e7654ad

  • SHA512

    9e34447b98efa11809bfbef37b64be14c20d9aebb0b49899b3e3ffa86e1ce1fb0a5d27a791b9e8a46ebbeae12882404e91214dc2e5957a2f4340d276f0dd4af9

  • SSDEEP

    1572864:h1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b2R23Sb/U3viOmWvHs:/rkkQkTyCAS/D1SQct2uC9b2xM3v3mwM

Malware Config

Targets

    • Target

      main.exe

    • Size

      82.5MB

    • MD5

      1e6f75bc5ed093e5c87a8abc9792afa1

    • SHA1

      038a9b3e253a383a1de435b410a1cd2c5037631f

    • SHA256

      19774a82c2c0a4d872e60a3fa062c3e44cf4e9f3504e0501112f58437e7654ad

    • SHA512

      9e34447b98efa11809bfbef37b64be14c20d9aebb0b49899b3e3ffa86e1ce1fb0a5d27a791b9e8a46ebbeae12882404e91214dc2e5957a2f4340d276f0dd4af9

    • SSDEEP

      1572864:h1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b2R23Sb/U3viOmWvHs:/rkkQkTyCAS/D1SQct2uC9b2xM3v3mwM

    • UAC bypass

    • Disables RegEdit via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks