
General

  • Target

    Nobodylefts.rar

  • Size

    61.4MB

  • Sample

    231117-pwlyjahc83

  • MD5

    a8d463ae25211b554966507a5b1f84fe

  • SHA1

    2bef495bf59b23e69287610656fd5992bb605af1

  • SHA256

    126a0602a509a1490059096d34a355284d18aac56a13f70c44bf970c25397592

  • SHA512

    c2f75ae24c2ff9e49f45acb95ba3ebd6b7320fbbac0fedcc6a1503ada5c039d72beedfbfd16c30e94bb96dc2f2fce7a52fecf158299e4767c1128f05fc4fbffb

  • SSDEEP

    1572864:2WMN6mR7k90b08EO/kfWexh2NqLo7cb12P9gJ9hkwaQ6/BQVFv8:2Wk6mRDb1/kjx+qcXYkwj8BUx8

Score
7/10

Malware Config

Targets

    • Target

      NobodyLeft.exe

    • Size

      61.5MB

    • MD5

      97b2e2c3ed98699b9a599152e1268cb1

    • SHA1

      94a5aec357236660289640542945c2fbdeacc97f

    • SHA256

      9755cfcf306250fe11c18c352339f0b68550bf1d33eb506784f4fdf3cd38301a

    • SHA512

      9974038fd82fc3c66fc5896e34d4d8e43f11d4f16e325ff60444c43ce112dfdd65f20dbdfaf6592af03b5257f607ed02d41d763c7edc0cfe3a9f677c651f1826

    • SSDEEP

      1572864:Zm6Jewn4Mt7wHicKw+V9kulozpfHatc6FHQQWKFJ:k6JenKMHZKw+UuOVStc4QQWKFJ

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
