General

  • Target

    8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6

  • Size

    4.6MB

  • Sample

    231231-2c5bzshgf9

  • MD5

    bd2be2124edbaf6760cfa6d5031376d0

  • SHA1

    5beb35e653026234788eabae2bfec4c751d0bcfc

  • SHA256

    8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6

  • SHA512

    9394b4186507580fec0a08ac05ddbe0e800c7b88d828cf92e6b98f3b5b6bda402222702211c7754ac44f235476d3b94ba7d3bd5f21e56f5b51b4d83ab8d99f89

  • SSDEEP

    98304:G2M8YJUeFIp6G3zIA2t1j+ggu3D6DxVW9ab6bLnjJY6yfr7O:G2M8YJUUIpDz12tt+gNmD2TbSVr7O

Malware Config

Targets

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks