General

  • Target

    WinRAR

  • Size

    7.5MB

  • Sample

    230918-lpbmfagd9w

  • MD5

    594b89043f7f46da2e009ef65088f456

  • SHA1

    f09204613c16f11eb6b9b540bb5c9fb2bb5b9802

  • SHA256

    8a597a8e9860ac2acab782024cb920c47538d1cb9d8aefb37ac8404975197e2a

  • SHA512

    0fcb7f74866a1aefae076d47a7b5c5caa65eb96b62d812c43efaf263adb4cd73f00673e27404b08c2d7e44c5ca8820e19bd25ca14e72e8fe7e4db473ae082430

  • SSDEEP

    98304:Jwe+eYgI6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3z5UTbUv9JTSPhlVtQo1J:JFYmOshoKMuIkhVastRL5Di3tKoSPJh

Malware Config

Targets

    • Deletes Windows Defender Definitions

      Uses the MpCmdRun.exe utility (its -RemoveDefinitions -All switch) to delete all Microsoft Defender definitions, leaving the host without signature coverage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, and autofill data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
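
The behavioural signatures above (Defender definition removal, browser data reads, wallet access, external IP lookup) can be re-derived from host telemetry. The following is an added example, not code from tria.ge or from the sample: the event shape (dicts with type/image/cmdline/path/host), the sample events, the wallet path list and the IP lookup host list are all constructed assumptions; only the MpCmdRun.exe -RemoveDefinitions switch and the browser store file names are documented facts.

```python
"""Re-derive tria.ge-style behavioural signatures from process, file and DNS events.

Added example. Event layout and sample data are constructed for illustration.
"""
import re

# MpCmdRun.exe -RemoveDefinitions -All wipes every Defender signature set.
DEFS_REMOVAL = re.compile(r"mpcmdrun(\.exe)?\b.*-removedefinitions", re.I)

# Chromium and Firefox on-disk credential/cookie stores.
BROWSER_STORES = re.compile(r"\\(login data|cookies|web data|logins\.json|key4\.db)$", re.I)

# Wallet files/directories. Assumed list; extend for the wallets you care about.
WALLET_PATHS = re.compile(
    r"\\(wallet\.dat|exodus\.wallet|electrum\\wallets|\.ethereum\\keystore)\b", re.I)

# Public IP lookup services. Assumed list; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}

# Constructed sample telemetry (not taken from the report).
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": '"MpCmdRun.exe" -RemoveDefinitions -All'},
    {"type": "file_read",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read",
     "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"},
    {"type": "file_read",
     "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "dns", "host": "api.ipify.org"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
    {"type": "file_read", "path": r"C:\Users\u\Documents\notes.txt"},
]


def classify(events):
    """Map each triggered signature name to the evidence lines that triggered it."""
    hits = {}

    def add(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for ev in events:
        kind = ev.get("type")
        if kind == "process" and DEFS_REMOVAL.search(ev.get("cmdline", "")):
            add("deletes_defender_definitions", ev["cmdline"])
        elif kind == "file_read":
            path = ev.get("path", "")
            if BROWSER_STORES.search(path):
                add("reads_browser_data", path)
            if WALLET_PATHS.search(path):
                add("accesses_crypto_wallets", path)
        elif kind == "dns" and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
            add("external_ip_lookup", ev["host"])
    return hits


if __name__ == "__main__":
    for sig, evidence in classify(SAMPLE_EVENTS).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

"Executes dropped EXE" and "Loads dropped DLL" are not covered here: they require correlating a file-create event with a later process-create or image-load of the same path, which needs stateful tracking across events rather than per-event matching.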

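The "UPX packed file" signature detects both stock UPX and modified builds. The example below is added here and is not tria.ge's detector: it parses the PE section table directly and flags the two UPX traits, the UPX0/UPX1 section names, and, for renamed builds, an empty first section (zero raw size, where the unpacked image is expanded at run time) followed by a high-entropy body. The build_stub_pe helper is a constructed stand-in for a real file and is an assumption of this example.

```python
"""Flag UPX-style packing from the PE section table. Added example, not the tria.ge rule."""
import math
import struct

COFF_HEADER = struct.Struct("<HHIIIHH")          # 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # 40 bytes


def parse_sections(data: bytes):
    """Return [(name, raw_bytes)] for every section header in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = COFF_HEADER.unpack_from(data, coff_off)
    sec_off = coff_off + COFF_HEADER.size + opt_size
    sections = []
    for i in range(nsec):
        f = SECTION_HEADER.unpack_from(data, sec_off + i * SECTION_HEADER.size)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = f[3], f[4]
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 8.0 is uniform random, compressed data sits close to it."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes):
    """List the UPX traits present: stock section names and/or the UPX layout."""
    sections = parse_sections(data)
    findings = []
    if any(name.upper().startswith("UPX") for name, _ in sections):
        findings.append("upx_section_names")
    # Modified UPX renames sections but keeps the layout: first section has no
    # raw data (it is filled at run time), a later one holds the packed body.
    if sections and len(sections[0][1]) == 0 and \
            any(shannon_entropy(body) > 7.0 for _, body in sections[1:]):
        findings.append("empty_first_section_high_entropy_body")
    return findings


def build_stub_pe(sections):
    """Constructed minimal PE (DOS stub, PE sig, COFF, zeroed optional header,
    section table, raw data) for exercising the parser; not a loadable image."""
    e_lfanew, opt_size = 0x40, 0xE0
    pos = e_lfanew + 4 + COFF_HEADER.size + opt_size + SECTION_HEADER.size * len(sections)
    table, va = b"", 0x1000
    for name, payload in sections:
        table += SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"),
                                     max(len(payload), 0x1000), va, len(payload),
                                     pos if payload else 0, 0, 0, 0, 0, 0x60000020)
        pos += len(payload)
        va += 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = COFF_HEADER.pack(0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + b"".join(p for _, p in sections)


if __name__ == "__main__":
    packed = build_stub_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 8), (".rsrc", b"\0" * 64)])
    renamed = build_stub_pe([(".text", b""), (".data", bytes(range(256)) * 8)])
    plain = build_stub_pe([(".text", b"\x55\x8b\xec" * 100), (".data", b"\0" * 128)])
    for label, img in (("packed", packed), ("renamed", renamed), ("plain", plain)):
        print(label, upx_indicators(img))
```

Section names alone are a weak signal because UPX and its forks rename them freely; the layout-plus-entropy check catches those, at the cost of also flagging other packers that use the same two-section scheme, which is usually what an analyst wants to know anyway.
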
MITRE ATT&CK Enterprise v15

Tasks