General

  • Target

    11bdefe9463d7d9caf317514750dc6a2

  • Size

    361KB

  • Sample

    231230-hxpbqaahe6

  • MD5

    11bdefe9463d7d9caf317514750dc6a2

  • SHA1

    62d4f90d7fa24f9855430af2583ed7ac417c3b2f

  • SHA256

    4476bbf546939c0aa04b0443d46946c54c139bbbb358b3d6111805d037fbd59f

  • SHA512

    aba6060e9b334e90436acd773d126c9f640391d55761a87ea134cbc474e67df67f9ac219288e3dc056f7d72793465a59efdfe21dec7863d2bc4af85792924c9c

  • SSDEEP

    6144:NKDmydY+S9m2IsM56ZyXriQtAkaY9h4JewwdhTm77IEiwJJB:SdY+kmf6Z+rjuk19KNYhTmAEiwb

Malware Config

Targets

    • UAC bypass

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks