General

  • Target: ade04d8a75cdd78300fb20b8f7f1877700e800486c18398605e430238e771389
  • Size: 442KB
  • Sample: 230817-tbg63acb4t
  • MD5: 483b7dc5b76cab882f2f50be0c9cf674
  • SHA1: 68b36ad0850a7ed326f4610e184410120f56d5a5
  • SHA256: ade04d8a75cdd78300fb20b8f7f1877700e800486c18398605e430238e771389
  • SHA512: 817df7c122e8eed9faa0c3d9c96f104a4c355a860e4a34f2bf2d7187b0dc41805c610420f6ba96cf923436396e5a63a2cd492da5e347a880b04584bbefb12aa4
  • SSDEEP: 6144:AqicncwMi6X5Zf9cH7ReZBwDL4/fKkPHqtRsUa068CCp5jAJG2JI6fmMHgLmQh:AqTcwmVO9eqL4xKrXaX8JZAg6xumq

Score: 7/10

Malware Config

Targets

    • Target: ade04d8a75cdd78300fb20b8f7f1877700e800486c18398605e430238e771389
    • Size: 442KB
    • MD5: 483b7dc5b76cab882f2f50be0c9cf674
    • SHA1: 68b36ad0850a7ed326f4610e184410120f56d5a5
    • SHA256: ade04d8a75cdd78300fb20b8f7f1877700e800486c18398605e430238e771389
    • SHA512: 817df7c122e8eed9faa0c3d9c96f104a4c355a860e4a34f2bf2d7187b0dc41805c610420f6ba96cf923436396e5a63a2cd492da5e347a880b04584bbefb12aa4
    • SSDEEP: 6144:AqicncwMi6X5Zf9cH7ReZBwDL4/fKkPHqtRsUa068CCp5jAJG2JI6fmMHgLmQh:AqTcwmVO9eqL4xKrXaX8JZAg6xumq

    Score: 1/10

    • Target: New Order.exe
    • Size: 889KB
    • MD5: 9cf6063608f250626f2834856396092c
    • SHA1: 98371d8f9c1002fb0f916c99649bea2ce6cae1b3
    • SHA256: c9e9c0c331d38ad123557f095bf0eb4ee4e11d00a6b39e923a33e18102f91d4f
    • SHA512: fc81ee5bcd34dc55ad161ac8dbf4afb1cdd54affab694b4c39f0a2d088ed1e529ba001fa4199278054c5efc349edb404bcd18eb79a1921defc7e4746c9d2b842
    • SSDEEP: 12288:dHsLMTTxTdyFOILC3KrXwX8dZAg6jumsMT:dHQGdVIO3cXwMzAPi3

    Score: 7/10

    Signatures:
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext
