Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8edfe12e2544e6a9687ab9f0b0aaaa74

  • Size

    158KB

  • Sample

    240204-l4zb2shbbr

  • MD5

    8edfe12e2544e6a9687ab9f0b0aaaa74

  • SHA1

    03db1451090c15bc733075a7635f56dfce71552f

  • SHA256

    400cac203dca17cb0d78bb5b5b44b14c72f1929aa767644f745a2375d48843e5

  • SHA512

    795c5ebb51c6d935d49618f4e97f531bc3999b3fd54aee615303ded77ab2f065fd964441b26b3a8dd06a17c7cf8b7ef72105a96130214cda9a67428dcebe2b0b

  • SSDEEP

    3072:tbUEaIO/ZDa+4ejeiFZu/X8rfYrXeLiwJM:tbUEa/DaQjPDYreNJM

Score
7/10

Malware Config

Targets

    • Target

      8edfe12e2544e6a9687ab9f0b0aaaa74

    • Size

      158KB

    • MD5

      8edfe12e2544e6a9687ab9f0b0aaaa74

    • SHA1

      03db1451090c15bc733075a7635f56dfce71552f

    • SHA256

      400cac203dca17cb0d78bb5b5b44b14c72f1929aa767644f745a2375d48843e5

    • SHA512

      795c5ebb51c6d935d49618f4e97f531bc3999b3fd54aee615303ded77ab2f065fd964441b26b3a8dd06a17c7cf8b7ef72105a96130214cda9a67428dcebe2b0b

    • SSDEEP

      3072:tbUEaIO/ZDa+4ejeiFZu/X8rfYrXeLiwJM:tbUEa/DaQjPDYreNJM

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks