General

  • Target: Yandex.exe

  • Size: 4.1MB

  • Sample: 231010-hh1q7sbf5w

  • MD5: 5600b8bc13cde04b710bafe059d3435d

  • SHA1: f6fac7d7809fe8e2a192483635d9f41f6cb6d497

  • SHA256: 9098f0f0569a01c61fd82b91aa02634295b6adbe8d2a95e57db0eac666f6f16f

  • SHA512: 01ff62a69eb590e7db293cf5026e44c71d76deae27de2e1f04f9d011385cbe127ea696b19a1191a3fe9107a94c8f75cb24c7b32275c4eaf4077631dd6b40aea6

  • SSDEEP: 49152:XDnaVVMzMvkMUzM3n5xlekY+r5u8QeKxFOJxdb4vZKV:DaVizMvkMUg3n5xRKdzOJDb4v+

Malware Config

Targets

    • Target: Yandex.exe (4.1MB; hashes as listed under General)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks