Resubmissions

04/02/2024, 11:56

240204-n4drfsgeb9 10

General

  • Target

    main.exe

  • Size

    82.7MB

  • Sample

    240204-n4drfsgeb9

  • MD5

    1377790410f933a3e9ae23e0514f6e99

  • SHA1

    bb0144b3501eea4654d82415dcc7907293f02a07

  • SHA256

    7e4691de0700dc115705549222583fab48ec1e28dd963d98d5b20f98799f06cf

  • SHA512

    7b16a37f6529f32b82d00d83c4925ce75f14268949781ef8435af7e3ca6f9917e00dbc55835d630669ff8df3a820b9fe95f43136dec161492b0fab1b0e6e8b01

  • SSDEEP

    1572864:XQ82Fhy+6ZIl0B/CiiQTzNxw7R1gOBmKunPJQj95eSKR5yIVNFq+ar2GUjl0pS+:lihytm4/Ci7TzM7lAKCBejUV+/KX+

Malware Config

Targets

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks