Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    8.9MB

  • Sample

    230802-v51e6shd4y

  • MD5

    887c0911835ace94104d8c570632409a

  • SHA1

    3192b8b83d62a44b22dbdd9f627fde49d16e5350

  • SHA256

    6c54458a3df80f3801df48d60cbafaa64b643f155bdd608140ef508134d52d68

  • SHA512

    f24b3e601874d7f5816f6c5d94598a4e94df6195ad52c32fc716e2c0a7ea518cd6f936722e2eb4654b70d2666365cbd4435bd095633a47d802b6cd1fb41b3bc7

  • SSDEEP

    196608:4Z1+0PfiEOE6NJ8Jkt9KCS1r8ek//fCc3NbFmQLG:4Z1PSEz6GkLS1r8ek/CH4G

Malware Config

Targets

    • Target

      file.exe

    • Size

      8.9MB

    • MD5

      887c0911835ace94104d8c570632409a

    • SHA1

      3192b8b83d62a44b22dbdd9f627fde49d16e5350

    • SHA256

      6c54458a3df80f3801df48d60cbafaa64b643f155bdd608140ef508134d52d68

    • SHA512

      f24b3e601874d7f5816f6c5d94598a4e94df6195ad52c32fc716e2c0a7ea518cd6f936722e2eb4654b70d2666365cbd4435bd095633a47d802b6cd1fb41b3bc7

    • SSDEEP

      196608:4Z1+0PfiEOE6NJ8Jkt9KCS1r8ek//fCc3NbFmQLG:4Z1PSEz6GkLS1r8ek/CH4G

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks