General

  • Target

    Tgsnoser.exe

  • Size

    9.3MB

  • Sample

    240311-xv7slsbg5z

  • MD5

    cb4614b8f2c04dd6de09375d4b6ef2c5

  • SHA1

    3faa8f9f97334f6ca6be442da6759fde417e4037

  • SHA256

    74f23e21c68507d3e99894fe630d3cdacfce03da73ef887e528da8fdb317f015

  • SHA512

    168a008d50855fca59438baaccfa01e12c9010a6645efdb81a17f55d3a8abb80312e96060894ad74828997e49244a9c3937d6120f028bce66527a42f38821104

  • SSDEEP

    196608:7u8AZCZ1W903eV4QR3h4KF5ikWMWKACyByHVKjNUCtxytPR2suIin4:LAZCfW+eGQRRn/ikWMWvyQj6CajL1in4

Malware Config

Targets

    • Target

      Tgsnoser.exe

    • Loads dropped DLL

      Loads a DLL that was written to disk during execution rather than one already present on the system.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart). Legitimate software does this too, so on its own this is weak evidence.

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external IP address; the request itself looks like ordinary web traffic.
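
As an added example, not part of the tria.ge report or its signature engine: a small Python triage script that replays constructed, simplified process events and flags the behaviours listed above (dropped-DLL load, Uninstall-key enumeration, browser profile and wallet file access, external-IP lookup), then combines them into a rough verdict. The event format, the file paths, the dropped DLL name and the list of IP-lookup hosts are assumptions for illustration; the report does not name the service or files this sample touched.

```python
import re
from collections import defaultdict

# Constructed events in an assumed, simplified (process, operation, target) form.
# They illustrate the behaviours the report lists; they are not the sandbox's own log.
SAMPLE_EVENTS = [
    ("Tgsnoser.exe", "WriteFile", r"C:\Users\user\AppData\Local\Temp\dropped.dll"),
    ("Tgsnoser.exe", "LoadImage", r"C:\Users\user\AppData\Local\Temp\dropped.dll"),
    ("Tgsnoser.exe", "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("Tgsnoser.exe", "RegOpenKey", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("Tgsnoser.exe", "ReadFile", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("Tgsnoser.exe", "ReadFile", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default-release\logins.json"),
    ("Tgsnoser.exe", "ReadFile", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("Tgsnoser.exe", "DnsQuery", "api.ipify.org"),
    # Benign noise: a normal process touching the same key and loading a system DLL it never wrote.
    ("explorer.exe", "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("explorer.exe", "LoadImage", r"C:\Windows\System32\shell32.dll"),
]

# Stateless signatures: (operation, pattern on the target). Browser file names and
# wallet directory names are the well-known ones; the IP-lookup host list is an
# assumption, since the report does not say which service the sample used.
SIGNATURES = {
    "checks_installed_software": (
        "RegOpenKey",
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "reads_browser_profile_data": (
        "ReadFile",
        re.compile(
            r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Web Data|Cookies|History)$"
            r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
            re.I,
        ),
    ),
    "accesses_crypto_wallets": (
        "ReadFile",
        re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin)\\|wallet\.dat$", re.I),
    ),
    "external_ip_lookup": (
        "DnsQuery",
        re.compile(r"^(api\.ipify\.org|ipinfo\.io|ip-api\.com|icanhazip\.com|checkip\.amazonaws\.com)$", re.I),
    ),
}


def triage(events):
    """Return {process: {signature: [evidence, ...]}} for every process with at least one hit.

    The dropped-DLL rule is stateful: it fires only when a process loads an image
    from a path that the same process wrote earlier in the event stream.
    """
    hits = defaultdict(lambda: defaultdict(list))
    written = defaultdict(set)  # process -> lower-cased paths it has written so far
    for process, op, target in events:
        if op == "WriteFile":
            written[process].add(target.lower())
        elif op == "LoadImage" and target.lower() in written[process]:
            hits[process]["loads_dropped_dll"].append(target)
        for name, (sig_op, pattern) in SIGNATURES.items():
            if op == sig_op and pattern.search(target):
                hits[process][name].append(target)
    return {process: dict(sigs) for process, sigs in hits.items()}


def classify(process_hits):
    """Illustrative heuristic, not the sandbox's scoring: access to a credential
    source combined with an external-IP check reads as infostealer-like, while a
    lone installed-software lookup is routine and scores low."""
    names = set(process_hits)
    harvests = names & {"reads_browser_profile_data", "accesses_crypto_wallets"}
    if harvests and "external_ip_lookup" in names:
        return "infostealer-like"
    if len(names) >= 2:
        return "suspicious"
    return "low"


if __name__ == "__main__":
    for process, process_hits in triage(SAMPLE_EVENTS).items():
        print(f"{process}: {classify(process_hits)}")
        for name, evidence in process_hits.items():
            print(f"  {name}: {len(evidence)} event(s), e.g. {evidence[0]}")
```

The point of the benign explorer.exe events is that the Uninstall-key signature fires for ordinary software as well; it is the combination of credential-source reads with an external-IP lookup, not any single line, that justifies the infostealer reading the report's signatures suggest.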

MITRE ATT&CK Enterprise v15

Tasks