General

  • Target

    Purchase order_1.zip

  • Size

    598KB

  • Sample

    230802-m84yrsec96

  • MD5

    06e8b35be02f02b6faa8b5c63877fa93

  • SHA1

    09adba78341b06ef30849afabb1821acab785531

  • SHA256

    995224009fd7cb63eef774208d209cb3af834ad3cb754b046f9cd14ce1c4354e

  • SHA512

    069d499263f64c840d25cecc1ed636ec44d5f6e5148cc69fc35ea77fb7a30d9e2da71329a511c3a823111bec485b26548936da28998238e63e203dda6134a1f4

  • SSDEEP

    12288:xjGsJ/guiDS7ng4Dq6+CYWpx9EMCXAy+ZrPB/RFfrqK+mcoTuJ:NPpguiDSTg4+6+CfETsLzqK9pi

Score
7/10

Malware Config

Targets

    • Target

      Purchase order.exe

    • Size

      663KB

    • MD5

      2066bebe7c32cf52b2e7e5b2ae6dcf5b

    • SHA1

      acc4a396e69d6bb6de3791d8cda944d899f524e8

    • SHA256

      20ca9236b9070c02ddedeed75c4b5b478a06f31c9a3d714105503a17595e386f

    • SHA512

      2394649c626df36f6f2d4c4348cacda22e019f936268c90197ff5b182ab7d6b71dff5d5305f611ede3fa19d0dda7a072e44e3ecf985c3f761e15d5e1aed7de5e

    • SSDEEP

      12288:Og7Jh13m+oB7VDW5pJN89HCpxHEM8XGysZrPBVr3UoKl:Og7tW+oBJD6prbEN6JNy

    Score
    7/10

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks