General

  • Target

    63d52f9d0da76e85c0b0d5c6adbebe43

  • Size

    1018KB

  • Sample

    240117-2x4wysgabr

  • MD5

    63d52f9d0da76e85c0b0d5c6adbebe43

  • SHA1

    5a0be963f098b7fe5cca45f5c7edd6ed89c0a917

  • SHA256

    26392933fd4c464b0aca1664e4148727bfb0c435dbe7a161e4b632b80808dfb5

  • SHA512

    3b99536999cd32dedcc86796791ac62dc2ac6e7371c689289fa9aa43ee3a9238a2cc97ad6ffc39bf6b1e3e887c51795e94d41f610a128fd20d1ff303cdc8bd32

  • SSDEEP

    24576:eErBOwUBE1Egw+VIXxdSuLj6UjZUjeRLqB:eyB4JiIwUjqjGL

Score
7/10

Malware Config

Targets

    • Target

      63d52f9d0da76e85c0b0d5c6adbebe43 (the file described under General above; same size and hashes)

    Score
    7/10
    • Checks computer location settings

      Reads the country/locale code configured in the registry, most likely as a geofence so the sample can refuse to run in particular regions.

    • Deletes itself

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and similar code-injection techniques, which fits the "Executes dropped EXE" behaviour above.
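The signatures above describe a behaviour cluster, not a single indicator, and that is how it is best hunted on endpoints: one process touching the locale settings, FTP client configuration, browser credential stores, a freshly written executable and its own image. The following is an added example, not code from the tria.ge report or from the sandbox, that scores per-process telemetry against that cluster. The Event shape (pid, image, operation, target) is an assumption modelled on Sysmon-style file/registry/process events, and the sample events are constructed; the artifact paths are the real locations FileZilla, Chromium-based browsers and the Windows locale settings use.

```python
"""Hunt for the infostealer behaviour cluster over host telemetry.

Added example, not part of the tria.ge report. The Event shape is an
assumption modelled on Sysmon-style telemetry; SAMPLE_EVENTS are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Host artifacts behind the report's signatures (matched case-insensitively).
FTP_CLIENT_FILES = ("\\filezilla\\sitemanager.xml", "\\filezilla\\recentservers.xml")
BROWSER_FILES = ("\\user data\\default\\login data", "\\user data\\default\\cookies")
LOCALE_KEY_PREFIX = "hkcu\\control panel\\international"  # where Windows keeps locale/country


@dataclass(frozen=True)
class Event:
    pid: int
    image: str    # full path of the process performing the operation
    op: str       # file_read | file_write | file_delete | reg_read | proc_create
    target: str   # file path, registry value path, or image of the spawned process


def classify(ev: Event) -> Optional[str]:
    """Map a single stateless event to one of the report's behaviours, or None."""
    t = ev.target.lower()
    if ev.op == "reg_read" and t.startswith(LOCALE_KEY_PREFIX):
        return "checks_location"            # country code lookup, possible geofence
    if ev.op == "file_read" and t.endswith(FTP_CLIENT_FILES):
        return "reads_ftp_client_data"
    if ev.op == "file_read" and t.endswith(BROWSER_FILES):
        return "reads_browser_data"
    if ev.op == "file_delete" and t == ev.image.lower():
        return "deletes_itself"
    return None


def score_processes(events: Iterable[Event]) -> Dict[int, Set[str]]:
    """Aggregate distinct behaviours per pid.

    'executes_dropped_exe' needs state across the stream: a proc_create whose
    image the same pid wrote earlier.
    """
    written: Dict[int, Set[str]] = defaultdict(set)
    hits: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        t = ev.target.lower()
        if ev.op == "file_write":
            written[ev.pid].add(t)
            continue
        tag = classify(ev)
        if ev.op == "proc_create" and t in written[ev.pid]:
            tag = "executes_dropped_exe"
        if tag:
            hits[ev.pid].add(tag)
    return dict(hits)


def flag(events: Iterable[Event], threshold: int = 3) -> List[int]:
    """Pids showing at least `threshold` distinct behaviours from the cluster.

    A single hit (FileZilla reading its own config, a system binary checking
    the locale) is expected on a healthy host and is not flagged on its own.
    """
    scored = score_processes(list(events))
    return sorted(pid for pid, tags in scored.items() if len(tags) >= threshold)


SUSPECT = r"C:\Users\dev\AppData\Local\Temp\63d52f9d0da76e85c0b0d5c6adbebe43.exe"
DROPPED = r"C:\Users\dev\AppData\Local\Temp\svc.exe"

# Constructed telemetry: one process matching the cluster, plus benign
# processes that each touch a single one of the same artifacts.
SAMPLE_EVENTS = [
    Event(4120, SUSPECT, "reg_read", r"HKCU\Control Panel\International\LocaleName"),
    Event(4120, SUSPECT, "file_read", r"C:\Users\dev\AppData\Roaming\FileZilla\sitemanager.xml"),
    Event(4120, SUSPECT, "file_read",
          r"C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(4120, SUSPECT, "file_write", DROPPED),
    Event(4120, SUSPECT, "proc_create", DROPPED),
    Event(4120, SUSPECT, "file_delete", SUSPECT),
    Event(900, r"C:\Windows\explorer.exe", "file_read", r"C:\Users\dev\Documents\notes.txt"),
    Event(1234, r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "file_read",
          r"C:\Users\dev\AppData\Roaming\FileZilla\sitemanager.xml"),
    Event(2200, r"C:\Windows\System32\rundll32.exe", "reg_read",
          r"HKCU\Control Panel\International\sCountry"),
]

if __name__ == "__main__":
    for pid, tags in sorted(score_processes(SAMPLE_EVENTS).items()):
        print(pid, sorted(tags))
    print("flagged:", flag(SAMPLE_EVENTS))
```

Two caveats when turning this into a production rule. Self-deletion is usually delegated to a child cmd.exe (`ping ... & del`) because Windows will not unlink a running image, so the delete should also be attributed to the parent of the deleting process. And the "Suspicious use of SetThreadContext" signature is invisible to file and registry telemetry; it comes from the sandbox's API hooks, and on an endpoint it needs an EDR that records thread-context or remote-thread operations.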

MITRE ATT&CK Enterprise v15

Tasks