Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    BANCO HSBC PAGO EXITOSO FECHA VALOR 16 AGOSTO 2023.exe

  • Size

    668KB

  • Sample

    230817-wwhdnsbh45

  • MD5

    a9a44220f7819f03d7b8474033b169ee

  • SHA1

    0f0bf5382702736838907fd65e5dd7e50616f305

  • SHA256

    1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

  • SHA512

    255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

  • SSDEEP

    12288:O3uLTTe2xpDl+C2wVWxDGbec0r3g5Lp/Q8sBB/nVP3FHHCNzNui9neZrgOV8:YoTZR4DGH0r3gRp/vipn3CNMhrg

Score
7/10

Malware Config

Targets

    • Target

      BANCO HSBC PAGO EXITOSO FECHA VALOR 16 AGOSTO 2023.exe

    • Size

      668KB

    • MD5

      a9a44220f7819f03d7b8474033b169ee

    • SHA1

      0f0bf5382702736838907fd65e5dd7e50616f305

    • SHA256

      1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

    • SHA512

      255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

    • SSDEEP

      12288:O3uLTTe2xpDl+C2wVWxDGbec0r3g5Lp/Q8sBB/nVP3FHHCNzNui9neZrgOV8:YoTZR4DGH0r3gRp/vipn3CNMhrg

    Score
    7/10
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks