General

  • Target

    Schermafbeelding 2023-08-22 135520.png

  • Size

    70KB

  • Sample

    240112-lv5gpsdfcp

  • MD5

    3ff87c31f715448f14ec0d5175dd18f5

  • SHA1

    a46f28de56c6fe29ca9d2cc012678e4e9eb85eca

  • SHA256

    c0ab9875bd5747503884ffae2d3d62c893c151ab6564e889ea615fcf4b85575e

  • SHA512

    788bf02ea1582d7e39be6de2b9c6cdacc4cc3717cf554f38182d07f04d5ce87f995522f09f0e901863c39dace381f0806aab866a35afc2daec4c2cfaafcbf788

  • SSDEEP

    1536:OnlC53IQYR/7UKGXag3ujgP3TLTpJ4BG0SWjnSbd:Onl83IQYR/79GXa8PDLnuRHjnSbd

Malware Config

Targets

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks