Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    LumaSft.hta

  • Size

    162KB

  • Sample

    240204-xa7bcagce7

  • MD5

    50b4ea549c48d995ddf248188795d2d8

  • SHA1

    bfda7329b7a8519b20617d39da553464a3163d29

  • SHA256

    e93a2475fff6c02d66d92680bf19edfce3a89129e89408e76396ab1ee7ed36aa

  • SHA512

    42d22c0cd19a8dc3d923403a53115d2297355038c3a3d1ba93249b4f2faa3d5f84f594a49a7edcd2fa7d03f0fd0ac394ba12eb997c2f9ab97b3380e62e6fe949

  • SSDEEP

    384:fuhtvGkNrkNrkNrkNrkNrkNrkNrkNrkNrkNrkNUQtWgQlqQQwGt9OYF:fuusssssssssszQ6sQQl9O0

Score
8/10

Malware Config

Targets

    • Target

      LumaSft.hta

    • Size

      162KB

    • MD5

      50b4ea549c48d995ddf248188795d2d8

    • SHA1

      bfda7329b7a8519b20617d39da553464a3163d29

    • SHA256

      e93a2475fff6c02d66d92680bf19edfce3a89129e89408e76396ab1ee7ed36aa

    • SHA512

      42d22c0cd19a8dc3d923403a53115d2297355038c3a3d1ba93249b4f2faa3d5f84f594a49a7edcd2fa7d03f0fd0ac394ba12eb997c2f9ab97b3380e62e6fe949

    • SSDEEP

      384:fuhtvGkNrkNrkNrkNrkNrkNrkNrkNrkNrkNrkNUQtWgQlqQQwGt9OYF:fuusssssssssszQ6sQQl9O0

    Score
    8/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks