General

  • Target

    UNBAN TOOL.exe

  • Size

    8.2MB

  • Sample

    240219-jf78yabc29

  • MD5

    97778110381424d20652bf10ce2de05b

  • SHA1

    ac55a587889dc1667e40f96533d7715beb1bdad6

  • SHA256

    6b26d8412e6b4a854e3293864ba8220afae9187f6153882df4fba9a776236351

  • SHA512

    570b4be26c26613e76b454c5b78ebb8716e840067e5422af2c5221f4c174c1661c1450ec69b8430c234b047180358768bca98fb965c2f59be226b4427fe66016

  • SSDEEP

    196608:V7Ek++kdidQmRJ8dA6l7aycBIGpEGo6hTOv+QKfJLg:NEkcidQusl29foWOv+9fJc

Malware Config

Targets

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks