General

  • Target

    YandexPackLoader.exe

  • Size

    225KB

  • Sample

    231013-yfqffsgd37

  • MD5

    01ea31ab9a1e85bb8c1daf2cce794959

  • SHA1

    79819879e2528f7fa9f96e483ee62d9e52f0b3b8

  • SHA256

    e29a70f912b9fe5386251559765e52b671992220d374e36fe6fa21f7386d4b11

  • SHA512

    3871fa0ef24036fe893e5aa60f2171659404fb154566094875716e2f0f218915f0a862b62ce712d1af7d6ba8537c10ee12c9f79d2850408ae3f7c018c46376c6

  • SSDEEP

    3072:E8y0es/5skqFTMv4hQC2mC4UAONfvoxPQc5VAACDMVg38qA2KGEF+KnVW8itdlMI:zb/skqFTqJHUPQQVAA9TUtXFWz

Targets

    • Target

      YandexPackLoader.exe

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
