General

  • Target

    6a37d13562f3ba6e8a17cca9987339ffd65174d2c0bbb62971b3f703bf675eb0

  • Size

    647KB

  • Sample

    231011-vqlngabc3w

  • MD5

    d506fa33daeaefc7320cad4f8368a49e

  • SHA1

    cbe2ac006d6737262fa6235c4d665abf060aaa5f

  • SHA256

    6a37d13562f3ba6e8a17cca9987339ffd65174d2c0bbb62971b3f703bf675eb0

  • SHA512

    01937ced7cc26de65de5b2e1d90236db20d305a242edb2d5c797e87f7731f045090eb20d6f2a29df315e5288fdc255a35ce6c75b79a3205b904c4731a54f8352

  • SSDEEP

    12288:odKlE6JqhfYHRiaXwep2MEavfQFd6kCOuvZVr+jyaqoiEcPQWm7lBy2sWx:HKYHHvXwe4GQFd3CzQbNAy7zsWx

Score
7/10

Malware Config

Targets

    • Target

      Confirmation.exe

    • Size

      884KB

    • MD5

      29af861baff3d90185ed2ea3d47482d6

    • SHA1

      ce58279e89cd1ccbb88b37e32be7d0115c9f1572

    • SHA256

      e95d1407329d9bf135e8e44cf041709c4ce426d62144c772374d9b782f3bb399

    • SHA512

      1277277c73e4d87e29add0112aac81a4b8edeada4fe49216cc6707c0cfc1c2cca9f522558c90243271da43a33715dada7a4e58933d5f4cc71839b31a3e570bf9

    • SSDEEP

      12288:PnX9K7iSxwfEHtrXTutnP/XGvGVfb9Pke7Qs5RcFbpEK:PntU7NHtvenP/5fbZJMs5RMpE

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that gates execution on the victim's locale.

    • Reads data files stored by FTP clients

      Tries to access configuration files belonging to FTP clients such as FileZilla, which can hold saved server credentials.

    • Reads user/profile data of local email clients

      Email clients store profile data, including credentials, on disk, and infostealers commonly target it.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved credentials, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and similar injection techniques.

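The five signatures above can be reproduced from a raw file/registry access trace plus the order of API calls. The Python below is an added example written for this page, not Triage's own signature engine: the event records, the API trace and the mapping from signature name to path patterns are constructed assumptions for the demo (the registry value and application data locations themselves are the standard Windows ones, and the hollowing call order is the textbook sequence).

```python
"""Map sandbox access events to the behaviour signatures shown above.

Example code added for illustration. The pattern table and the sample
events are assumptions for this demo, not Triage's rule set or trace format.
"""
import fnmatch

# Registry values and file paths behind each signature name, lower-cased.
# '*' in a file pattern stands for the user name or profile directory.
SIGNATURE_PATTERNS = {
    "Checks computer location settings": [
        r"hkcu\control panel\international\geo\nation",   # GeoID of the machine
        r"hkcu\control panel\international\locale",       # user locale ID
    ],
    "Reads data files stored by FTP clients": [
        r"*\appdata\roaming\filezilla\sitemanager.xml",   # saved sites + passwords
        r"*\appdata\roaming\filezilla\recentservers.xml",
    ],
    "Reads user/profile data of local email clients": [
        r"*\appdata\roaming\thunderbird\profiles\*\logins.json",
        r"*\appdata\roaming\thunderbird\profiles\*\key4.db",
        r"hkcu\software\microsoft\office\*\outlook\profiles\*",
    ],
    "Reads user/profile data of web browsers": [
        r"*\appdata\local\google\chrome\user data\*\login data",
        r"*\appdata\local\google\chrome\user data\*\web data",
        r"*\appdata\roaming\mozilla\firefox\profiles\*\logins.json",
    ],
}

# Classic process-hollowing order. A production rule would also check that
# CreateProcess was called with CREATE_SUSPENDED and that the target of
# SetThreadContext is a thread in another process.
HOLLOWING_SEQUENCE = [
    "CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread",
]


def match_signatures(events):
    """Return {signature name: [event paths that matched]} for every hit."""
    hits = {}
    for ev in events:
        path = ev["path"].lower()
        for name, patterns in SIGNATURE_PATTERNS.items():
            if any(fnmatch.fnmatchcase(path, p) for p in patterns):
                hits.setdefault(name, []).append(ev["path"])
    return hits


def has_hollowing_sequence(api_calls):
    """True if HOLLOWING_SEQUENCE occurs in order (other calls may intervene)."""
    it = iter(api_calls)           # shared iterator: each step resumes where the last matched
    return all(any(api == step for api in it) for step in HOLLOWING_SEQUENCE)


def triggered_signatures(events, api_calls):
    """Sorted list of signature names raised by an access trace and an API trace."""
    names = sorted(match_signatures(events))
    if has_hollowing_sequence(api_calls):
        names.append("Suspicious use of SetThreadContext")
    return names


# Constructed sample trace for the demo; not taken from the report above.
SAMPLE_EVENTS = [
    {"api": "RegQueryValueExW", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "NtCreateFile", "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"api": "NtCreateFile", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"api": "NtCreateFile", "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"api": "NtCreateFile", "path": r"C:\Windows\System32\kernel32.dll"},   # noise, matches nothing
]

SAMPLE_API_TRACE = [
    "CreateProcessW", "NtUnmapViewOfSection", "VirtualAllocEx",
    "WriteProcessMemory", "SetThreadContext", "ResumeThread",
]

if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
    print("hollowing sequence:", has_hollowing_sequence(SAMPLE_API_TRACE))
    print("signatures:", triggered_signatures(SAMPLE_EVENTS, SAMPLE_API_TRACE))
```

Run it as-is to see the four access-based signatures and the SetThreadContext hit raised from the constructed trace; to apply it to a real run, feed it the file/registry events and the per-process API call order exported from the sandbox. Pattern matching is done on lower-cased paths with fnmatch so that user names and randomised profile directory names do not need to be known in advance.
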
MITRE ATT&CK Enterprise v15

Tasks