General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.10653.20560

  • Size

    886KB

  • Sample

    230821-v5pnnsgd4y

  • MD5

    11abb9235921c95264b1e8aee5cb1a1e

  • SHA1

    6a5c98951640de354b53df5d959ff7868933cf65

  • SHA256

    2856592b60d78f976492007d0a0d846070a9cfe90c586f104c84f6c38aed2ff2

  • SHA512

    da8e2800e708e8e9c1872fb29c61560d5656c4f2f402046100fc813e9ed440cc69382429d2ee6bcea47eafed1ee968b9be597d81f177fc65c41d63effc408d40

  • SSDEEP

    12288:6+70pKXQl2FNGp7SWriPIoVcdR+OdUJXceGebdjndH3qpA:36wdZXJljndap

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks