General

  • Target: VirusShare_21450cdf5b7b9ec242562798c6c31a59

  • Size: 803KB

  • Sample: 240204-n54z2aahcn

  • MD5: 21450cdf5b7b9ec242562798c6c31a59

  • SHA1: 625ec4872d88f5e9d33f4644c435f100f91e9849

  • SHA256: c326e51ec81e0965c4d8eb91dffb932fd8e688884fa5094acb164568bdefecda

  • SHA512: 6bd6a49e8a6e3596c4ca086028177b43ecf38cea7762d8f7c4fced7c0c478c87fbd24db92bf02757eaad35f0fc4997ad29446097fa7076b371172e912bbd4641

  • SSDEEP: 12288:IevKZvYWDBPzxBC31Fr181AeKX+IPzE0pRrmwYCi4jgHqdfdBvaQ5dxpcs3zmF:EZRV/CO1bczZR7iBHqd75djU

Malware Config

Targets

    • Target: VirusShare_21450cdf5b7b9ec242562798c6c31a59 (hashes as listed under General)

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects executables referencing many file transfer clients. Observed in information stealers

    • UPX dump on OEP (original entry point)

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks