General

  • Target

    Photo_19.10.zip

  • Size

    2.9MB

  • Sample

    231124-hjmwqsgc63

  • MD5

    b23e772bec21d16a46ef8a398797aef9

  • SHA1

    2f1853aad33bf0e947349d3f83f5ac311a15d40e

  • SHA256

    3fc46463c2e8fef258dbfdf8637e075cebee2fbec69c1a80ba2cd2e123abea42

  • SHA512

    cb2971c34bd4b3d2fae9a6342b14aac36a44f2fac50b865b5d1da33e26945352c101f8d3111216c12c190c96a7ed10039472ef0f5ca9134ed09b9456027343b7

  • SSDEEP

    49152:eeZauxOALd19CaXZ2wzgJC7XBBxnCqViGP2Zmh9yKXtZmCnJf+SkFcjY6eWkiP0I:eeZ7xvLdLCRwz57cqVtPmmhFbmCnJfDX

Targets

    • Target

      Photo_19.10.exe

    • Size

      637.4MB

    • MD5

      0ef96481b910ada980fda0fb814a6628

    • SHA1

      878fb90fc48f5313c8a08db582628f9fe7ee1fb3

    • SHA256

      aba4a0465f11f690a55683d2a05707a18e5f0db003d7f4131983789d1a4b16dd

    • SHA512

      73147eaf75ad18b63e2b17e8ba1eb4062e4bcf0baad57134eea93c1d19ce077ab9b95ab4248d3d4eb45a478077b490f777f941b4b132f1b03ceb80a032661212

    • SSDEEP

      49152:2jVgiG1hT8cm8U2zkpdt0n/s0YRZHPm4poP2UkCsPt/BIS:2ji7F84UJoE0YRZvm4pk2U/AhBz

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
