
General

  • Target

    system32.exe

  • Size

    71.0MB

  • Sample

    231120-sq3kwagg85

  • MD5

    b326be193593aeca99d52a3b7bc1e727

  • SHA1

    14b5b53e73d242c8af0bf9414027dc3a1627ac9c

  • SHA256

    2822a13fce1cd28edc1362a69a083932e5aa25f3fe3cf6bef47c62c4ec7bdba6

  • SHA512

    201633bc032de84b42665206325316155e347c9fa53256bde5c8a4db753e2bb8bd5e0d84769324de6a09100422735be263fe781f2872217e875cf933d71ba810

  • SSDEEP

    1572864:l4/4rzOchPtS+m2wUEvJBok1OjBjL/JhdmSew8sZ1rv7j4ayDQYP3DGg7:ykqcdtS9esk3HhdgsZ1nj4tQYzGg7

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample can avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
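
The behaviour signatures listed above (persistence through the Run key and the Startup folder, executing and loading dropped files, external IP lookup) map directly onto host detection logic. The Python below is an added example and is not part of the tria.ge report or of the sample; it replays a constructed set of Sysmon-style events (invented here, not taken from the report) and attributes each signature to the process that produced the evidence, crediting "Executes dropped EXE" to the parent that launched the dropped file. The IP-lookup domain list, the system-name lookalike heuristic and the three-signature threshold are assumptions. Sysmon does not record registry or file reads, so the country-code and browser-data signatures are out of scope for this event source.

```python
import re
from collections import defaultdict

# Patterns behind three of the signatures in the report above.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Assumed set of public IP-echo services; the report does not say which one was used.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ifconfig.me", "icanhazip.com",
                     "ip-api.com", "checkip.amazonaws.com"}
# Heuristic (assumption): binaries named after Windows components but running outside %WINDIR%.
SYSTEM_LOOKALIKES = {"system32.exe", "svchost.exe", "csrss.exe", "lsass.exe"}

# Constructed Sysmon-style events (EventID 1/7/11/13/22), invented for this example.
SYS32 = r"C:\Users\victim\AppData\Roaming\system32.exe"
INSTALLER = r"C:\Users\victim\Downloads\installer.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": INSTALLER, "TargetFilename": SYS32},
    {"EventID": 1, "Image": SYS32, "ParentImage": INSTALLER},
    {"EventID": 11, "Image": SYS32,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 7, "Image": SYS32,
     "ImageLoaded": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 11, "Image": SYS32, "TargetFilename":
     r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system32.lnk"},
    {"EventID": 13, "Image": SYS32, "Details": SYS32, "TargetObject":
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\system32"},
    {"EventID": 22, "Image": SYS32, "QueryName": "api.ipify.org"},
    # Benign noise: a real svchost under %WINDIR% and a browser resolving an ordinary name.
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.mozilla.org"},
]


def analyze(events):
    """Replay events in order; return {image: sorted signature names}."""
    hits = defaultdict(set)
    dropped = set()  # lower-cased paths written by any process so far
    for ev in events:
        eid, image = ev["EventID"], ev["Image"]
        if eid == 11:  # FileCreate
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if STARTUP_DIR_RE.search(target):
                hits[image].add("Drops startup file")
        elif eid == 1:  # ProcessCreate: credit the parent that launched a dropped file
            if image.lower() in dropped:
                hits[ev["ParentImage"]].add("Executes dropped EXE")
            name = image.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_LOOKALIKES and not image.lower().startswith("c:\\windows\\"):
                hits[image].add("System-name lookalike outside %WINDIR%")
        elif eid == 7:  # ImageLoad
            if ev["ImageLoaded"].lower() in dropped:
                hits[image].add("Loads dropped DLL")
        elif eid == 13:  # RegistryEvent (value set)
            if RUN_KEY_RE.search(ev["TargetObject"]):
                hits[image].add("Adds Run key to start application")
        elif eid == 22:  # DNSEvent
            if ev["QueryName"].lower() in IP_LOOKUP_DOMAINS:
                hits[image].add("Looks up external IP address via web service")
    return {img: sorted(sigs) for img, sigs in hits.items()}


def suspicious(hits, threshold=3):
    """Images that trip at least `threshold` signatures (the cut-off is an assumption)."""
    return sorted(img for img, sigs in hits.items() if len(sigs) >= threshold)


if __name__ == "__main__":
    results = analyze(SAMPLE_EVENTS)
    for img, sigs in results.items():
        print(img, "->", ", ".join(sigs))
    print("suspicious:", suspicious(results))
```

Ordering matters: the dropped-file set is built as events stream in, so a process-creation or image-load event only counts as "dropped" if a write to that path was seen earlier. Feeding events out of order (for example, merging logs from several hosts) will miss those two signatures.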
