General

  • Target

    d5ba5cb09697a8ba54c7444dcbcc3153

  • Size

    141KB

  • Sample

    240319-k15h8age3t

  • MD5

    d5ba5cb09697a8ba54c7444dcbcc3153

  • SHA1

    977e1a973ecd010319290b8cc91fe856911f2503

  • SHA256

    a15b0ee8d72594b4037c9b6ff1d766e2ebb3d2ca5b96c4898956d7977a396d1e

  • SHA512

    a1f2bd4122c9baac4357d41db4ad1a875b44c4243b29bd0343fbfc2e23cee3b97738a19085928f5c98030cd947c205cdb6657de65a9dfc3954b0515e13b442ab

  • SSDEEP

    3072:hbBNtO8GAlO2qyG8bH3gKjBb3AWOpOEpBMkNrAPEB68ErsP/24lcqj:FBNtJtHqX0gi6WAOgBMpEBLErsP/24lH

Targets

    • Target

      d5ba5cb09697a8ba54c7444dcbcc3153

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
