General

  • Target

    6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b

  • Size

    6.0MB

  • Sample

    231211-fl3nvsdecr

  • MD5

    661c91991d35dfbea6380292ccb33e1e

  • SHA1

    e1c979e5cce7f06d81b3d6c63d755b1d96c4ddaf

  • SHA256

    6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b

  • SHA512

    f1a82093d57c15dfd1f42bde94fe938227abc761fb78eafc4673d27cf007abe1bb7c4508af91f2ef6e53974e15841670e5fa890304b98abc9890948c55e77032

  • SSDEEP

    98304:Tew6tIWP2JLa8Bez8NJKfDxmxtI7y6IoO:Tew6NeJuu4KaUxOy6IoO

Malware Config

Targets

    • Target

      6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks