General

  • Target

    Solaris.exe

  • Size

    11KB

  • Sample

    240224-pwpdnabh34

  • MD5

    cc22d55a559c2a6c1b5ae9196854f807

  • SHA1

    d42cfb8f9a3fecfa4068c7728ee5d88b212ff152

  • SHA256

    e58d50abb3c718b8c74b2f845a0face5a7efa830c321dcb7f6933d77bba29146

  • SHA512

    a3b78a5ece9f74a18c3edf236ba7aa1fef17ea743eacea2211b4125f37435c667de48e175e389001bced71c562c3815348d9447421cf6b8748156cef9c8e868e

  • SSDEEP

    192:528Jl0UT5X45wL0jGz0+8lQTaglJaumeVr1gDgIe5SPdF6e5z4dLkP:52A/lhz0+8Ma0zm59dV14dk

Score
7/10

Malware Config

Targets

    • Target

      Solaris.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
