
General

  • Target: 22af06c40a6972c3d05acfbf88736807
  • Size: 513KB
  • Sample: 231231-bnazeaefh3
  • MD5: 22af06c40a6972c3d05acfbf88736807
  • SHA1: 4d77cb9179339d472806f20b3036dd2187e07d9e
  • SHA256: 5e779c17147a3270553c7042beef05e6946805a52adf85f8f5b9e6bf38f6984b
  • SHA512: 1342ed861ed07e6b06c441d163f4c27cb534ed64e59f92867d69606e94a08656c9993a430f10ae1bcd7b10b313db81eec8b2d6b852093c794495acde9108455c
  • SSDEEP: 12288:lHCKLz4cDlLqz3Nl1/DR3Br8PWEXi1gHAVR7:lj40lmdt3Br8z8gHSR

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks