General

  • Target

    221637233529b54ecca9d43a83f2186d20e725eee4dc26be79247f171ea6e4dd

  • Size

    88KB

  • Sample

    240307-wv39raba5y

  • MD5

    1855d9c8d4755a1025f3eeb6bad9c10f

  • SHA1

    125f67e02d3dc0f68897fea2be12b16e88334ff3

  • SHA256

    221637233529b54ecca9d43a83f2186d20e725eee4dc26be79247f171ea6e4dd

  • SHA512

    bea3e3481faee8e6b96e7ed67a41bb9acf1980b39914925fde26f4a6f89a26d47529c56101533720d083bb17c5920bc7fba7aa415fa5cee5373d33e7a978b144

  • SSDEEP

    1536:aWAL/OkxsTnljt6GjbF7BV9rXiQOXmTbyi0zVMoujt3tZqqWTxShXF:aDOkexJLFdrrXiHXktT4TxShF

Targets

    • Detects executables containing possible sandbox analysis VM usernames

      The binary embeds usernames commonly configured on analysis VMs, consistent with a sandbox-evasion check.

    • UPX dump on OEP (original entry point)

      The sample is UPX-packed; the sandbox captured a memory dump of the unpacked code once execution reached its original entry point.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

      Writes a value under the registry Run key so the application is started again at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory.
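The behaviours listed above, turned into host-side detection logic that an analyst could run over endpoint telemetry after reading this report. This is an added example and is not part of the tria.ge report or its sandbox. The pipe-separated event format, the process names, the registry keys and the file paths in the sample log are constructed for illustration and are assumptions about what an EDR would record for each behaviour; only the three hashes are taken from the report.

```python
import hashlib
import re
from collections import defaultdict

# Digests from the report's General section, used as a static IOC set.
REPORT_HASHES = {
    "md5": "1855d9c8d4755a1025f3eeb6bad9c10f",
    "sha1": "125f67e02d3dc0f68897fea2be12b16e88334ff3",
    "sha256": "221637233529b54ecca9d43a83f2186d20e725eee4dc26be79247f171ea6e4dd",
}

# One rule per reported behaviour: the telemetry operation that would carry it
# and a pattern over the registry key or file path. Paths are assumptions.
RULES = {
    "Checks computer location settings": (
        {"RegQueryValue"},
        re.compile(r"\\Control Panel\\International\\(Geo\\Nation|LocaleName|sCountry)$", re.I),
    ),
    "Adds Run key to start application": (
        {"RegSetValue"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"FileOpen"},
        re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*\\(Login Data|Cookies|Web Data|logins\.json)$", re.I),
    ),
    "Enumerates connected drives": (
        {"DirectoryQuery"},
        re.compile(r"^[D-Z]:\\$", re.I),  # root of any drive other than C:
    ),
    "Drops file in System32 directory": (
        {"FileCreate"},
        re.compile(r"^[A-Z]:\\Windows\\System32\\[^\\]+$", re.I),
    ),
}

# The combination that, taken together, reads as the infostealer pattern in the report.
CORE = {
    "Checks computer location settings",
    "Adds Run key to start application",
    "Reads user/profile data of web browsers",
}

# Constructed EDR-style events: timestamp|process|operation|target. Not real telemetry.
SAMPLE_LOG = r"""
2024-03-07T22:15:01Z|sample.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
2024-03-07T22:15:01Z|sample.exe|RegQueryValue|HKCU\Control Panel\International\LocaleName
2024-03-07T22:15:02Z|sample.exe|FileOpen|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-03-07T22:15:02Z|sample.exe|FileOpen|C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json
2024-03-07T22:15:03Z|sample.exe|DirectoryQuery|D:\
2024-03-07T22:15:03Z|sample.exe|DirectoryQuery|E:\
2024-03-07T22:15:04Z|sample.exe|FileCreate|C:\Windows\System32\svchost32.dll
2024-03-07T22:15:04Z|sample.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
2024-03-07T22:15:05Z|explorer.exe|FileOpen|C:\Users\victim\Documents\notes.txt
2024-03-07T22:15:06Z|explorer.exe|RegQueryValue|HKCU\Software\Classes\.txt
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+)\|(?P<proc>[^|]+)\|(?P<op>[^|]+)\|(?P<target>.+)$")


def hash_matches(data):
    """Compare a file's digests with the report's; returns {algorithm: bool}."""
    return {alg: hashlib.new(alg, data).hexdigest() == want
            for alg, want in REPORT_HASHES.items()}


def parse_event(line):
    """Parse one constructed event line; None for blank or malformed lines."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(events):
    """Return {process: {behaviour: [targets]}} for events that match a rule."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for name, (ops, pattern) in RULES.items():
            if ev["op"] in ops and pattern.search(ev["target"]):
                hits[ev["proc"]][name].append(ev["target"])
    return {proc: dict(behaviours) for proc, behaviours in hits.items()}


def suspicious_processes(hits):
    """Processes showing every CORE behaviour, sorted for stable output."""
    return sorted(proc for proc, behaviours in hits.items() if CORE.issubset(behaviours))


def triage(text):
    """Parse a log, attribute behaviours per process, and flag infostealer-like processes."""
    events = [ev for ev in map(parse_event, text.splitlines()) if ev]
    hits = classify(events)
    return hits, suspicious_processes(hits)


if __name__ == "__main__":
    hits, flagged = triage(SAMPLE_LOG)
    for proc, behaviours in hits.items():
        print(proc)
        for name, targets in behaviours.items():
            print(f"  {name}: {len(targets)} event(s)")
    print("flagged:", flagged)
```

The per-process grouping matters: the drive enumeration and System32 write are weak signals on their own, so the flag only fires when geofence lookup, Run-key persistence and browser-profile access all come from the same process, which keeps explorer.exe noise out of the result.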
