Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf

  • Size

    4.6MB

  • Sample

    231126-2fm7wacg6s

  • MD5

    12c12a8a5c9cb98f98f5e378d56a6141

  • SHA1

    827296ef761e92ad2f117c9e92aafd1509ea1c02

  • SHA256

    a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf

  • SHA512

    1e7b4ea81858bd52718283f62812ae6dc8108db482c0fd4540b1dbdb8840bb2620ab9e07f06d64ac322d9b6ad31e285d0c466076387c204f2ec8fb9638d82df7

  • SSDEEP

    49152:5SpYISwcy5m+HlVHd2lXCYE5unMItqEktIKQnRGjmRZlFC2LJfZL7RIFJ1XfJGOB:I7QtTyszkXX14WZB7AhkoeXL

Malware Config

Targets

    • Target

      a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf

    • Size

      4.6MB

    • MD5

      12c12a8a5c9cb98f98f5e378d56a6141

    • SHA1

      827296ef761e92ad2f117c9e92aafd1509ea1c02

    • SHA256

      a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf

    • SHA512

      1e7b4ea81858bd52718283f62812ae6dc8108db482c0fd4540b1dbdb8840bb2620ab9e07f06d64ac322d9b6ad31e285d0c466076387c204f2ec8fb9638d82df7

    • SSDEEP

      49152:5SpYISwcy5m+HlVHd2lXCYE5unMItqEktIKQnRGjmRZlFC2LJfZL7RIFJ1XfJGOB:I7QtTyszkXX14WZB7AhkoeXL

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks