General

  • Target: 79e4dff23f4655df08a43192b1806682
  • Size: 743KB
  • Sample: 231226-s6wghafhb4
  • MD5: 79e4dff23f4655df08a43192b1806682
  • SHA1: 70a7090ee5175dcca7d4b57ee00c2856543c14d3
  • SHA256: c64176e0fdefcb2b1fdb9a8a6fb541f103a7f9acba8a83812304802889ca1a84
  • SHA512: 92ce4e2d5f2c36c8d7e6c35950ca3caeb7823aec0b5d21c360084f87fa6b2ff7407bc4c70638dd66569af8c9e11b250d6b6bab6a50911555008d66bd70b3ba8a
  • SSDEEP: 12288:FUr/hVLFKNCmWDoF3tCLTmXKNAY7S5mFkQOUCJLA8:FUj7FKNkDoF3tQyXKN+lQPCRz

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: letmein12321

Targets

    • ACProtect 1.3x - 1.4x DLL software: detects a file protected with ACProtect software.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
    • UPX packed file: detects executables packed with the UPX (or a modified UPX) open-source packer.
    • Adds Run key to start application
