General

  • Target: 9b18a107759cd886e543969ed9d0063e
  • Size: 250KB
  • Sample: 240214-h5jfface6v
  • MD5: 9b18a107759cd886e543969ed9d0063e
  • SHA1: 349e0431476783c9a6d1f8c3d37f32eb3710590d
  • SHA256: 39a7fd64bf4bc86965e8079058029c5c894d3cfda99c60171155037e3032464b
  • SHA512: ad5f31bdb9b773d362720544b91c96fc58b40c439ce652e5af2e79ca5e5c8ad243618d613d86603530ec96737dc089de9525ee89e104c99a0883e46d5395d861
  • SSDEEP: 6144:h1OgDPdkBAFZWjadD4s5QsL//NgkBA+sta:h1OgLdaOv+r+s8

Malware Config

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.
