Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

05/11/2023, 19:21

231105-x25a3acf87 8

04/11/2023, 19:48

231104-yjgbysdg91 8

General

  • Target

    GoogleDesktopSetup.exe

  • Size

    1.9MB

  • Sample

    231105-x25a3acf87

  • MD5

    91f67571db8e365e848f78ab4d6580ea

  • SHA1

    a185b4a309497851603ff060a2de20b4d1560133

  • SHA256

    7e7a371a7f563dc181cbe70a684880cbf036a2540b322ab56916b3671ace7df3

  • SHA512

    9fe1e6ade453c7c80025ba3d0105c6124929fbe5cdebbba3564aa77270cff22ac0b1ce0e557d596c46271f7c5863fe72ba7b8dd705769a92acb94dbb91d327ac

  • SSDEEP

    49152:sfSMWuHHwY6XSls25HoWCbFNFuVXIvRvp3tfNAvWik+:5Mpnz6XG+bFKVXIzUvWD+

Malware Config

Targets

    • Target

      GoogleDesktopSetup.exe

    • Size

      1.9MB

    • MD5

      91f67571db8e365e848f78ab4d6580ea

    • SHA1

      a185b4a309497851603ff060a2de20b4d1560133

    • SHA256

      7e7a371a7f563dc181cbe70a684880cbf036a2540b322ab56916b3671ace7df3

    • SHA512

      9fe1e6ade453c7c80025ba3d0105c6124929fbe5cdebbba3564aa77270cff22ac0b1ce0e557d596c46271f7c5863fe72ba7b8dd705769a92acb94dbb91d327ac

    • SSDEEP

      49152:sfSMWuHHwY6XSls25HoWCbFNFuVXIvRvp3tfNAvWik+:5Mpnz6XG+bFKVXIzUvWD+

    • Modifies AppInit DLL entries

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks