General

  • Target

    856dc1ff81894c021e052abf46190e57.bin

  • Size

    318KB

  • Sample

    231101-b7jewsag94

  • MD5

    5935078b14c29037caf5002a954d561c

  • SHA1

    e7da9335ae6538324831012d8cce223cbf326515

  • SHA256

    0e53cc398ab74bdc799c84cc780aeb538a464d3ddcb64514baef595b4020bc6e

  • SHA512

    f1ca06e622c98ce9ebd8cb0439b609b625d77d6ec210e1b7a5459531038152df51b10a8e9271e4090914d5673d63e78aa0e849df236081693266bb6af8206750

  • SSDEEP

    6144:BCub5gwp/nEUYw/VqrOAfbnN6yGNybdSRSn8w5E+A3O+s4+NTAF:t/p/EUErOATsJMSG8w5E3e+s4k0F

Malware Config

Targets

    • Target

      bf4fa4deac71c6c50cc93e2088424079ec5bec1188710beedde515f9b741f3bf.exe

    • Size

      575KB

    • MD5

      856dc1ff81894c021e052abf46190e57

    • SHA1

      9c526901e1c6e50b069fbaa463a746512dc7548a

    • SHA256

      bf4fa4deac71c6c50cc93e2088424079ec5bec1188710beedde515f9b741f3bf

    • SHA512

      830bd4afc9b29fb0d5a385377bfc243a69f11619e07ebfc8c890dbefda606809cde2934efff8ede365b0bc10b8c8422de85b60c9b9da3dd81a4e08c1d028ca11

    • SSDEEP

      12288:MS4vdwKTNWuuRYqrggHp/bLf7daLBIlXSY4j+6qj9:aF7M0UJf7gtIlqjyj9

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks