General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.24110.16531.exe

  • Size

    647KB

  • Sample

    231003-xalpmseh5y

  • MD5

    77228713b1ae12efaddd001535782c1d

  • SHA1

    a8270c88399a47d739289190f1a06da12d55afbc

  • SHA256

    8a6c6cf2621bc864fe773ead086f95b0d95a6d959f0920b59c571242ef5aa126

  • SHA512

    b1ce8a004fc08c09715ac6459556f2d8d6cbeee9c34d1efd9584ccdba982349b868676f238a655224eb9705e467d1abff008b84c9095469b96dea2a211b20a29

  • SSDEEP

    12288:AJysnoROJFmRp7OCy+RFS5p/IoGB5EErDIrQz+CUB8QvpKU8b6ZsZKpn6s+jfOF5:IoqMRp7OCZ2DGB5EErh2vp+OZsns+i

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.24110.16531.exe

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla, which can hold saved server addresses and credentials.

    • Reads user/profile data of local email clients

      Email clients store account settings and credentials on disk, and infostealers commonly harvest these files.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Adds Run key to start application

      Writes a value under a Run registry key so the sample is launched again at user logon, a common persistence mechanism.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a thread's execution and is typical of process injection techniques such as process hollowing; on its own it is a weak indicator, so corroborate it with a suspended child process or cross-process memory writes.

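The signatures listed above are behavioural rules evaluated over the sandbox's file, registry, network and API events. The following Python matcher is an added example, not tria.ge's own signature code, that applies equivalent rules to a constructed event list. The event shape, the file paths and hostnames, and the ATT&CK technique mapping are my assumptions and not taken from this report.

```python
"""Toy re-implementation of the behavioural signatures above, run over
constructed sandbox events. Not tria.ge code; paths, hosts, event shape and
ATT&CK mapping are assumptions for illustration."""
import re
from urllib.parse import urlparse

# Constructed events in (event_type, detail) form, imitating what a sandbox
# would record for an infostealer. These are not events from the real sample.
SAMPLE_EVENTS = [
    ("file_read", r"C:\Users\admin\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("file_read", r"C:\Users\admin\AppData\Roaming\FileZilla\recentservers.xml"),
    ("file_read", r"C:\Users\admin\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"),
    ("file_read", r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read", r"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\xyz.default\key4.db"),
    ("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("http_get", "http://api.ipify.org/"),
    ("api_call", "SetThreadContext"),
    ("file_read", r"C:\Windows\System32\kernel32.dll"),  # benign noise, should not match
]

# Public IP lookup services commonly contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.dyndns.org", "ip-api.com", "api.ip.sb"}


def _rx(pattern):
    """Build a case-insensitive predicate from a regex over the event detail."""
    compiled = re.compile(pattern, re.IGNORECASE)
    return lambda detail: compiled.search(detail) is not None


# (signature name, event type it inspects, predicate, ATT&CK technique I chose)
SIGNATURES = [
    ("Reads data files stored by FTP clients", "file_read",
     _rx(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$"), "T1552.001"),
    ("Reads user/profile data of local email clients", "file_read",
     _rx(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$"), "T1114.001"),
    ("Reads user/profile data of web browsers", "file_read",
     _rx(r"(\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
         r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$)"), "T1555.003"),
    ("Adds Run key to start application", "reg_write",
     _rx(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"), "T1547.001"),
    ("Looks up external IP address via web service", "http_get",
     lambda url: urlparse(url).hostname in IP_LOOKUP_HOSTS, "T1016"),
    # SetThreadContext alone is only "suspicious": debuggers use it legitimately.
    ("Suspicious use of SetThreadContext", "api_call",
     lambda api: api == "SetThreadContext", "T1055"),
]


def match_signatures(events):
    """Return {signature name: (technique, [matching details])} for each rule that fired."""
    hits = {}
    for name, etype, pred, technique in SIGNATURES:
        matched = [detail for kind, detail in events if kind == etype and pred(detail)]
        if matched:
            hits[name] = (technique, matched)
    return hits


def unmatched_events(events):
    """Events no rule claimed; handy for spotting coverage gaps when tuning rules."""
    claimed = {d for _, (_, details) in match_signatures(events).items() for d in details}
    return [(kind, detail) for kind, detail in events if detail not in claimed]


if __name__ == "__main__":
    for name, (technique, details) in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{technique}] {name}")
        for detail in details:
            print(f"    {detail}")
    print("unmatched:", unmatched_events(SAMPLE_EVENTS))
```

The matcher deliberately keeps SetThreadContext as a standalone weak signal; a production rule would require a suspended child process created by the sample plus WriteProcessMemory into it before escalating the verdict to process hollowing.
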
MITRE ATT&CK Enterprise v15

Tasks