General

  • Target

    NEAS.593bb06e8c19e547b971df37c49943e0.exe

  • Size

    3.1MB

  • Sample

    231116-na4qsacd3y

  • MD5

    593bb06e8c19e547b971df37c49943e0

  • SHA1

    73a95343a1fffb84f9798305c10d9457c477e584

  • SHA256

    de6d7da1e2cbb5ef2d7bc2523f9a8a442b30c23c10919ebad887edfecea177cf

  • SHA512

    bbc9c4c836a6686e87077508412db9ab0faffb24583db9cc2bfc3d543306ea76e98815ef1168216df93a8776ad5b9783b9810e23e9b427645f744e9c23b0278c

  • SSDEEP

    49152:ZUuBTOjZwS1Ihk+hy7iHuaRZnt+NTNLiG975:ZXRO0hkr2Rxt+ew

Targets

    • Target

      NEAS.593bb06e8c19e547b971df37c49943e0.exe

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled
