General

  • Target

    635a54f6e734b823ec8e64b3bfbf26db

  • Size

    208KB

  • Sample

    240117-xnpcpacggk

  • MD5

    635a54f6e734b823ec8e64b3bfbf26db

  • SHA1

    e66f8daa93c55ab0ec664161772e450f14180ff6

  • SHA256

    22606d6d601e0fae177553f6b343c5b1605ea0cbff5da7dacb2289ccaaf1bebe

  • SHA512

    3db0f56a5d4bf8cd403db51173688e4bde5430ef09e430a0b50fe8699ba5f6a5360ffa881f5883f409884dc4e5ba0218f9b38c9b22dbad8bdf0b225f03712e8c

  • SSDEEP

    6144:lybCZmNOIxs3NBBxn5YtkbdTf7ZUPrnNz:lyTi9BR3RTf7WPd

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check so the sample can refuse to run in certain countries.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

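The five signatures above are behavioural matches over the sandbox's registry and file events. The following is an added example, not Triage's own signature engine or report format, that shows how such matches are typically expressed: each signature is a predicate over one event (operation plus target path), and the ATT&CK IDs are this example's own mapping, not taken from the report. The event shape, the indicator locations (Control Panel\International for the country code, browser profile directories, the CurrentVersion\Run key, System32) and the event log itself are all constructed for the example.

```python
"""Toy signature matcher over constructed sandbox-style events (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    """One monitored API call: operation name plus the registry or file target.
    This shape is an assumption of the example, not a real sandbox's log format."""
    op: str      # "RegQueryValue", "RegSetValue", "CreateFile", "ReadFile", "WriteFile"
    target: str  # registry key/value or file path as the monitor recorded it


# Indicator locations: well-known Windows paths chosen for the example.
COUNTRY_KEYS = (
    "HKCU\\Control Panel\\International",                    # sCountry / iCountry / LocaleName
    "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Locale",
)
BROWSER_PROFILE_DIRS = (
    "\\Google\\Chrome\\User Data\\",
    "\\Microsoft\\Edge\\User Data\\",
    "\\Mozilla\\Firefox\\Profiles\\",
)
RUN_KEY = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
SYSTEM32_DIR = "C:\\Windows\\System32\\"
DRIVE_ROOT = re.compile(r"^[a-z]:\\$")   # bare root such as "D:\"

# Signature names from the report, mapped to ATT&CK technique IDs.
# The mapping is this example's own choice, not the report's.
ATTACK = {
    "Checks computer location settings": "T1082",
    "Reads user/profile data of web browsers": "T1555.003",
    "Adds Run key to start application": "T1547.001",
    "Enumerates connected drives": "T1083",
    "Drops file in System32 directory": "T1036.005",
}


def classify(ev: Event) -> Optional[str]:
    """Return the signature name a single event triggers, or None if benign."""
    t = ev.target.lower()
    if ev.op == "RegQueryValue" and any(t.startswith(k.lower()) for k in COUNTRY_KEYS):
        return "Checks computer location settings"
    if ev.op == "RegSetValue" and RUN_KEY.lower() in t:
        return "Adds Run key to start application"
    if ev.op in ("CreateFile", "ReadFile") and any(d.lower() in t for d in BROWSER_PROFILE_DIRS):
        return "Reads user/profile data of web browsers"
    # Opening the root of any drive other than the default C: counts as enumeration.
    if ev.op == "CreateFile" and DRIVE_ROOT.match(t) and not t.startswith("c:"):
        return "Enumerates connected drives"
    # Only an actual write under System32 is a drop; reads of system DLLs are normal.
    if ev.op == "WriteFile" and t.startswith(SYSTEM32_DIR.lower()):
        return "Drops file in System32 directory"
    return None


def match_signatures(events: List[Event]) -> Dict[str, List[str]]:
    """Group the targets that fired each signature, preserving event order."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        name = classify(ev)
        if name:
            hits.setdefault(name, []).append(ev.target)
    return hits


def attack_techniques(hits: Dict[str, List[str]]) -> List[str]:
    """Sorted, de-duplicated ATT&CK IDs for the signatures that fired."""
    return sorted({ATTACK[name] for name in hits})


# Constructed event log; file names are placeholders, not from the real sample.
SAMPLE_EVENTS = [
    Event("RegQueryValue", "HKCU\\Control Panel\\International\\sCountry"),
    Event("CreateFile", "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    Event("RegSetValue", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    Event("CreateFile", "D:\\"),
    Event("CreateFile", "E:\\"),
    Event("CreateFile", "C:\\"),                           # default drive: not counted
    Event("WriteFile", "C:\\Windows\\System32\\upd.dll"),   # placeholder dropped file
    Event("CreateFile", "C:\\Users\\user\\Documents\\notes.txt"),   # benign, no hit
]

if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, targets in found.items():
        print(f"{name} [{ATTACK[name]}]: {targets}")
```

Each signature here is a single-event predicate, which is why "Checks computer location settings" is only "likely" a geofence: many legitimate programs read the locale too, so on its own it is a weak indicator and gains weight from co-occurring with persistence and browser-profile access.
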
MITRE ATT&CK Enterprise v15

Tasks