General

  • Target

    ORDER 03949.exe

  • Size

    714KB

  • Sample

    230824-lml1dsda3z

  • MD5

    cf1b1278beb043e688ffa8440d0a4c3a

  • SHA1

    8c793a3060b5bc8fd7c2ddd6b7bf9db52a05b0fd

  • SHA256

    2fb6bc99ffadcb8e65b4db0e7df125ea0ffd455c6ff4aae04e775e87a4b51d8d

  • SHA512

    7a4faac5aa927d68007fbb37cf3a247adf34f88ba503b9c531aeaea48bdc0ddcbdf09b9cffb8fbc557d30edd3ac435869643be2ce1dbc0de01a6693adfde6d7b

  • SSDEEP

    12288:NdfSRtv2lq3PaTySO87/h34IpGjYK7DuqCOqehJB0YxdZNw2sKAA3P:Na2lq3yTySr7/B4yvrWB5hK2vAA

Score
7/10

Malware Config

Targets

    • Target

      ORDER 03949.exe

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15