
General

  • Target

    3a5027348187535ea6e51bbe3e6762d2.exe

  • Size

    2.0MB

  • Sample

    231230-xlr1ssebg2

  • MD5

    3a5027348187535ea6e51bbe3e6762d2

  • SHA1

    9c4c62d970110a71881e4a4e24c621032bb81075

  • SHA256

    4a273105d0d2f071ff747b87d7890cd255ca366025bec4bda0b68bc7e3283314

  • SHA512

    7c0456e72335359b667ec691fdee22b8b54b8b1d0b658dd5a40db10fe81b447f0509bfdf4fbfd5e9ddb9ef0bd3314dc7be05a48bb068883cd30f15f1fc29ddc4

  • SSDEEP

    49152:QyLIQso24XPTUHCBF6dDLmJjnA8YZ9KpecU29IbCZeX:XLI5o2QUhaJsPQecbgxX
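Before working with a sample pulled from this report, confirm the file on disk is the one the report describes. The helper below is an added example, not tria.ge code: it recomputes the four cryptographic digests listed above with the standard library and compares them to the report values (SSDEEP is omitted because it needs a third-party library). The bytes used in the self-check at the bottom are constructed placeholder data, not the sample.

```python
"""Verify a downloaded sample against the digests published in a sandbox report.

Added example; the REPORT_HASHES values are the ones listed on this page.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests as printed in the report's General section.
REPORT_HASHES = {
    "md5": "3a5027348187535ea6e51bbe3e6762d2",
    "sha1": "9c4c62d970110a71881e4a4e24c621032bb81075",
    "sha256": "4a273105d0d2f071ff747b87d7890cd255ca366025bec4bda0b68bc7e3283314",
    "sha512": "7c0456e72335359b667ec691fdee22b8b54b8b1d0b658dd5a40db10fe81b447f"
              "0509bfdf4fbfd5e9ddb9ef0bd3314dc7be05a48bb068883cd30f15f1fc29ddc4",
}


def digest_all(data: bytes) -> dict:
    """Compute every digest the report lists, in a single pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_all but streams a file so large samples do not sit in RAM."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: dict) -> dict:
    """Return {algo: matched?} for each digest in `expected` (case-insensitive)."""
    actual = digest_all(data)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()
            if algo in actual}


def sample_matches(data: bytes, expected: dict) -> bool:
    """True only if every published digest matches; one mismatch means wrong file."""
    results = verify_sample(data, expected)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    # Constructed placeholder bytes, NOT the sample from the report.
    fake = b"constructed placeholder, not the real sample"
    print(verify_sample(fake, REPORT_HASHES))   # every algorithm -> False
```

Treat any single mismatch as a different file: a sample repacked, truncated or re-signed between the sandbox run and your copy will still share none of these digests, and the report's behavioural findings should not be assumed to apply to it.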

Malware Config

Targets

    • Target

      3a5027348187535ea6e51bbe3e6762d2.exe

    • Size

      2.0MB

    • MD5

      3a5027348187535ea6e51bbe3e6762d2

    • SHA1

      9c4c62d970110a71881e4a4e24c621032bb81075

    • SHA256

      4a273105d0d2f071ff747b87d7890cd255ca366025bec4bda0b68bc7e3283314

    • SHA512

      7c0456e72335359b667ec691fdee22b8b54b8b1d0b658dd5a40db10fe81b447f0509bfdf4fbfd5e9ddb9ef0bd3314dc7be05a48bb068883cd30f15f1fc29ddc4

    • SSDEEP

      49152:QyLIQso24XPTUHCBF6dDLmJjnA8YZ9KpecU29IbCZeX:XLI5o2QUhaJsPQecbgxX

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive user data.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks