General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.2235.1062.27589.exe

  • Size

    898KB

  • Sample

    230803-n3e8wsec6x

  • MD5

    16b790fa266f1f6377b3bc9188467d63

  • SHA1

    3000fb1fa046885e27cb7bc87812bdbfd5857ec3

  • SHA256

    4767c41f81908b4c8afe3af843e684b65101f8e66e9ac7320b89b31d69e755b9

  • SHA512

    28f5b52b89ab72dae896019f1a2de2a30f2142ea9763675aeea36b6e21f53908a97e846d5ac222feeaafc94eb310aded94a77abc80476b51fd87b45d6e1a7645

  • SSDEEP

    24576:NWpppNpppppoOQpppNpppppoOzuayAeUvN+FZdjo1:NxO7OzAAe6+F7jo1

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.PackedNET.2235.1062.27589.exe

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks