Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
system32.exe
-
Size
71.0MB
-
Sample
231120-sq3kwagg85
-
MD5
b326be193593aeca99d52a3b7bc1e727
-
SHA1
14b5b53e73d242c8af0bf9414027dc3a1627ac9c
-
SHA256
2822a13fce1cd28edc1362a69a083932e5aa25f3fe3cf6bef47c62c4ec7bdba6
-
SHA512
201633bc032de84b42665206325316155e347c9fa53256bde5c8a4db753e2bb8bd5e0d84769324de6a09100422735be263fe781f2872217e875cf933d71ba810
-
SSDEEP
1572864:l4/4rzOchPtS+m2wUEvJBok1OjBjL/JhdmSew8sZ1rv7j4ayDQYP3DGg7:ykqcdtS9esk3HhdgsZ1nj4tQYzGg7
Malware Config
Targets
-
-
Target
system32.exe
-
Size
71.0MB
-
MD5
b326be193593aeca99d52a3b7bc1e727
-
SHA1
14b5b53e73d242c8af0bf9414027dc3a1627ac9c
-
SHA256
2822a13fce1cd28edc1362a69a083932e5aa25f3fe3cf6bef47c62c4ec7bdba6
-
SHA512
201633bc032de84b42665206325316155e347c9fa53256bde5c8a4db753e2bb8bd5e0d84769324de6a09100422735be263fe781f2872217e875cf933d71ba810
-
SSDEEP
1572864:l4/4rzOchPtS+m2wUEvJBok1OjBjL/JhdmSew8sZ1rv7j4ayDQYP3DGg7:ykqcdtS9esk3HhdgsZ1nj4tQYzGg7
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1