General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.9787.5644

  • Size

    677KB

  • Sample

    230818-nt78baag4x

  • MD5

    d850cf00d51bc4218cd3a7811f111ad7

  • SHA1

    e8c31a8b122e0be1d714a612cf496ddf84a234a0

  • SHA256

    1169ffd244039e5cca44ee8af96966f40637ca679ac59e4e3f71c49c8625734c

  • SHA512

    332c1795e8b7a7a013e74602d704b3e1ab93cf0fb9196856fd2c5924d591a863ec9547477325e8091833f2744463698ff0d92931b9dffb3d6a980651c617603b

  • SSDEEP

    12288:AMmHFFDO9S6WDBD45nafiYNSCX7LYg5Prkt:VmXO7utD9LYg1rk

Score
7/10

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks