General

  • Target: JUNE-JULY SOA 2023.zip
  • Size: 500KB
  • Sample: 230815-nwqq2sae54
  • MD5: bbf7edd13ab0ca0c989ff60cf6148dea
  • SHA1: 4f00f6a02266c0da97dca5aa61e87349902b4cae
  • SHA256: 7ae9d08f55abb7966be487918cc3bc4ce87771b8a038503b05cb3a72942ea637
  • SHA512: de5aa649438b9f04cf3f232ac71a6de652162a003e7cb6fffa3c09651cc16ed89a393d74d6a9a86b3799c9dc3bcc2794621ca7a9c20a2f9ba67bd805284f0754
  • SSDEEP: 12288:MWbOqgaBBCy+EcceJZw7OGg2iaHHGmZPC2JmqlF2+N18Mb3LI9qEIFPZ:pbOqg++DJCaGcmZaFCFNN18M3mG

Malware Config

Targets

    • Target: JUNE-JULY SOA 2023.exe
    • Size: 792KB
    • MD5: 0e842fe358b1b58b27f656e6a560a384
    • SHA1: 8d74628d62c52de01c5df2d663c87aedde613c71
    • SHA256: b86b07dd168ae86bbfc16822df78793e8fbf52401673636047e8472fcd78ff26
    • SHA512: 84ec1bf1b7396b9ec6576a945fa825e578a6076c6b5aa3f2596af5461204590cd3dfe61e6780adea56137981cfd377f6456256f0f9e23cf7fcddc661c524e6fe
    • SSDEEP: 24576:ROguGvTGa60CZQPCFVNr8MxKRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppb:vuuPV1QVNr8TRs6CE3jLbO9Rs6CE3jL6

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks