General

  • Target

    571b88e7d9ff156906c491da834352232e1c7175f970570edaf42d41b8dc069c

  • Size

    193KB

  • Sample

    231001-3nc8baee4x

  • MD5

    a502d3ba5e0347e0067eb9a4202e32cb

  • SHA1

    ce3b89d70374c31d778e536364890e276b9f06ff

  • SHA256

    571b88e7d9ff156906c491da834352232e1c7175f970570edaf42d41b8dc069c

  • SHA512

    2b2244967de7d0918f82d15cc6839a4b463a8f0c68266a239cf5974aae1c91604fad8063d728ed8237cd03f32bd25c77105e8f873b36790e6df60ed9ea42b962

  • SSDEEP

    3072:fP5gvNVLIfHQja1RfmLQADwSKkhU+tLgT5lODbiC8r1PkT:X2vnSwjaOcADw9cUeCOf

Malware Config

Targets

    • Target

      571b88e7d9ff156906c491da834352232e1c7175f970570edaf42d41b8dc069c

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks