General

  • Target

    9a2db3dbefaae96fc2d4471bc3db5e35

  • Size

    341KB

  • Sample

    240213-3bwh5abd91

  • MD5

    9a2db3dbefaae96fc2d4471bc3db5e35

  • SHA1

    f6cf4e7dd7c2fd833cb27fd6d763bc95b9769ecb

  • SHA256

    5673dc6f97fb0b9e54794d94e577d45570edc0d4e1632324ce02ecfc5d1d9f43

  • SHA512

    80c30396988e20898c874e7633bfb0ece50488dc0acefd990e60de72d69e2089cb02ee436fa56d27da7382d280e8b3545813d8d5952481f83d147c3fb148a2e5

  • SSDEEP

    6144:sc/oSpLuIyavsj6l0u38FQedvTlipqAlTzpjUEpxNLSMgRDuieWjxpDajMp4y:Z/oQuIyavs3l2r1JPShUiecThn

Score
7/10

Malware Config

Targets

    • Target

      9a2db3dbefaae96fc2d4471bc3db5e35

    • Checks computer location settings

      Reads the country/locale code stored in the registry, most likely as a geofence so the sample can refuse to run in certain regions.

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, which can contain saved server credentials.

    • Reads local data of messenger clients

      Infostealers often target the stored data of messaging applications, which can include saved credentials and account information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Looks up external IP address via web service

      Queries a legitimate IP-lookup web service to learn the infected system's external IP address.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a thread into injected code, as in process hollowing (RunPE-style injection); on its own it is an indicator, not proof of injection.
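
The behavioural signatures listed above are derived from the process trace a sandbox records. The following is an added example, not tria.ge's signature engine or its trace format: a small matcher that replays constructed sandbox-style events and raises the same signature names. The event schema, the registry keys, file paths and IP-lookup hosts used as indicators, and the correlation of "dropped" files with later execution are all this example's own assumptions about what such a sample typically touches, not facts recorded for this sample.

```python
from collections import defaultdict

# Added example: a small behavioural signature matcher over sandbox-style events,
# showing how the signatures listed on this page can be derived from a process
# trace. The event format, the indicator lists and the dropped-file correlation
# are this example's own assumptions, not tria.ge's engine or its trace format.

# Registry locations where Windows keeps the configured country/locale,
# a common geofence source (which value a given sample reads is an assumption).
GEO_KEYS = (
    r"control panel\international\geo\nation",   # GeoID value lives under this key
    r"control panel\international\scountry",     # sCountry value under International
)
# FileZilla keeps saved servers (and, in older versions, base64 passwords) here.
FTP_CLIENT_FILES = (r"\filezilla\sitemanager.xml", r"\filezilla\recentservers.xml")
# A few messenger data stores that infostealers harvest (illustrative list).
MESSENGER_PATHS = (r"\telegram desktop\tdata", r"\.purple\accounts.xml")
# Legitimate services commonly abused to learn the victim's public IP.
IP_LOOKUP_HOSTS = ("api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io")


def run_signatures(events):
    """Map a list of event dicts to {signature name: [evidence, ...]}."""
    hits = defaultdict(list)
    dropped = set()  # files written by any process in the analysis tree
    for ev in events:
        kind = ev["kind"]
        path = ev.get("path", "").lower()
        if kind == "file_write":
            dropped.add(path)          # remember so a later exec/load can be correlated
        elif kind == "process_create" and path in dropped:
            hits["Executes dropped EXE"].append(path)
        elif kind == "load_image" and path in dropped:
            hits["Loads dropped DLL"].append(path)
        elif kind == "registry_read" and any(path.endswith(k) for k in GEO_KEYS):
            hits["Checks computer location settings"].append(path)
        elif kind == "file_read":
            if any(frag in path for frag in FTP_CLIENT_FILES):
                hits["Reads data files stored by FTP clients"].append(path)
            if any(frag in path for frag in MESSENGER_PATHS):
                hits["Reads local data of messenger clients"].append(path)
        elif kind == "http_request" and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["host"])
        elif kind == "api_call" and ev.get("api") == "SetThreadContext":
            hits["Suspicious use of SetThreadContext"].append(ev["pid"])
    return dict(hits)


# Constructed trace (not a real capture): the initial sample is pid 100,
# it drops and runs svc.exe (pid 200), which does the stealing.
EVENTS = [
    {"pid": 100, "kind": "registry_read", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 100, "kind": "file_write", "path": r"C:\Users\admin\AppData\Local\Temp\svc.exe"},
    {"pid": 100, "kind": "process_create", "path": r"C:\Users\admin\AppData\Local\Temp\svc.exe", "child_pid": 200},
    {"pid": 100, "kind": "process_create", "path": r"C:\Windows\System32\cmd.exe", "child_pid": 201},  # not dropped: no hit
    {"pid": 200, "kind": "file_write", "path": r"C:\Users\admin\AppData\Local\Temp\helper.dll"},
    {"pid": 200, "kind": "load_image", "path": r"C:\Users\admin\AppData\Local\Temp\helper.dll"},
    {"pid": 200, "kind": "file_read", "path": r"C:\Users\admin\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 200, "kind": "file_read", "path": r"C:\Users\admin\AppData\Roaming\Telegram Desktop\tdata\key_datas"},
    {"pid": 200, "kind": "http_request", "host": "api.ipify.org", "url": "http://api.ipify.org/"},
    {"pid": 200, "kind": "api_call", "api": "WriteProcessMemory"},
    {"pid": 200, "kind": "api_call", "api": "SetThreadContext"},
]

if __name__ == "__main__":
    for name, evidence in run_signatures(EVENTS).items():
        print(f"{name}: {evidence}")
```

Two design points worth noting: "dropped" is tracked across the whole process tree rather than per process, because the parent typically writes the payload and the child loads it; and the `cmd.exe` launch deliberately produces no hit, since executing a file the sample did not write is not evidence of dropping.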
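
The "UPX packed file" signature is a static check rather than a behavioural one. The following is an added example, not tria.ge's detector: it parses the PE section table and flags the conventional UPX section names (UPX0/UPX1) and the "UPX!" magic the stock packer writes into its pack header. The test input is a constructed, header-only PE built by `build_fake_pe` (a helper invented for this example); the heuristic's caveat, that a modified UPX build can rename sections and patch the magic, is the reason both checks are combined and neither is treated as conclusive.

```python
import struct

# Added example: a minimal static check for the "UPX packed file" heuristic.
# It reads the PE section table and looks for UPX's conventional section
# names (UPX0/UPX1/UPX2) and for the "UPX!" magic that the stock packer writes
# into its pack header. Both are heuristics: a modified UPX build can rename
# sections and patch the magic, so a negative result is not proof of no packing.

UPX_MAGIC = b"UPX!"


def section_names(pe: bytes) -> list:
    """Return the section names from a PE image's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature:
    #   +4 Machine, +6 NumberOfSections, ..., +20 SizeOfOptionalHeader
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table starts after the optional header
    names = []
    for i in range(num_sections):
        entry = table + 40 * i        # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        raw = pe[entry:entry + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", errors="replace"))
    return names


def looks_upx_packed(pe: bytes) -> bool:
    """True if the file carries UPX section names or the UPX pack-header magic."""
    names = section_names(pe)
    upx_sections = any(n.startswith("UPX") for n in names)
    return upx_sections or UPX_MAGIC in pe


def build_fake_pe(names: list, opt_size: int = 0xE0) -> bytes:
    """Constructed test input: a header-only PE32 with the given section names."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\x00")  # PE32 magic, rest zeroed
    table = b"".join(n.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for n in names)
    return dos + b"PE\x00\x00" + coff + opt + table


if __name__ == "__main__":
    for label, sample in [
        ("stock UPX layout", build_fake_pe(["UPX0", "UPX1", ".rsrc"])),
        ("unpacked layout", build_fake_pe([".text", ".rdata", ".data", ".rsrc"])),
        # renamed sections (modified UPX) but the pack-header magic left in place
        ("renamed sections", build_fake_pe([".text", ".data"]) + b"\x00" * 16 + UPX_MAGIC),
    ]:
        print(f"{label:18} sections={section_names(sample)} upx={looks_upx_packed(sample)}")
```

To run it against a real sample, read the file with `open(path, "rb").read()` and pass the bytes to `looks_upx_packed`; on a genuinely packed file a follow-up `upx -d` attempt (or a high-entropy check on the UPX1 section) is the usual confirmation step.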

MITRE ATT&CK Enterprise v15

Tasks