General

  • Target

    iniciar.exe

  • Size

    17.7MB

  • Sample

    231208-dfvpysgh34

  • MD5

    4d62aa04d981f3b2a9c5ac9347237fb6

  • SHA1

    4cf9c540d6efcaa196c7f7de51214024ff5dbf45

  • SHA256

    c6b5cab4d6ce48999f03b19d08a9abe66e9e2beafd6d7c62ca48cb61139ad661

  • SHA512

    7f05ecee33544fcb33c7009299c0490cfa6057bdcd3b6d9ea8f365c88ea0babea31ffd6d6f1e0083262648d76769f94736659ec819e4d0a1987d0111f7341f5b

  • SSDEEP

    393216:SqPnLFXlrVgQpDOETgsvfGzHgz2vEtrZaLSq:XPLFXN6QoEkWPnoj

Malware Config

Targets

    • Target

      iniciar.exe

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks