General

  • Target: SHIPMENT SRK CONTRO.zip
  • Size: 667KB
  • Sample: 230816-pmrsesce8t
  • MD5: ff713daad2d3fd35b5ad0690cd8e4789
  • SHA1: bbaa0aecf8f2c5f962272b032fa1358e15fabf85
  • SHA256: 5481f96217dc7e0bf68137087640a39ab609f4854cea9a13f92815c1c5a1adf9
  • SHA512: 2a2f977beae09d576694d8d0ec166c655d17802353c8b6e04b4a419ab116d99fe62e70e4dc10a44306cd9279d9f1312b51c3e348551714d2970de98f160f7739
  • SSDEEP: 12288:YzheP1/7qrGM4hYvbDvpnusiu4fo9RGUarVp9oQ6eF4M7+WFlWbgP/a5ct2kg:FN2rNbLBXiu4Q9RGUarBjl7+kOgaevg

Malware Config

Targets

    • Target: SHIPMENT SRK CONTRO.exe
    • Size: 747KB
    • MD5: 05d2b3c11cfa177346cd9bf722f93617
    • SHA1: 76ff3c88e8e47ba832ac1351508186dc8e031205
    • SHA256: 111955a5d7cb6b3059b043fd5cfd02827e0be24723c08133890836fc7b5c6121
    • SHA512: 5e10cde7ac4141a2040a5155768a987c7d0df24415255925638090af15ea06465d301e40c367892af5ba37def6ff53a5241362e4795509b6419060cceb62a3d5
    • SSDEEP: 12288:ncYFGGTIYlV2UwzPrJbJIKQt429aZaLVZ9oQSen4M7+W+yp2h0:cYFxIYlVNwTkF9aZaLtXL7+F90

    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients
      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks