General

  • Target

    d6001936e085bcfc1df963a4c506f5f7efea86505721c0a3a1c10b3f71e91bea

  • Size

    1.7MB

  • Sample

    240320-bfs51sch23

  • MD5

    64343e6cda02ebbe3723002a8dc07137

  • SHA1

    5c86d0646a430949d303dc94b49ed0e0b03f1eed

  • SHA256

    d6001936e085bcfc1df963a4c506f5f7efea86505721c0a3a1c10b3f71e91bea

  • SHA512

    ad5c88d5c4d9c8b4a161610f240df6c595026bfe3fe16ee207a687b0519a8f2b95f5cf4002b9aa7ec99c5b6a60a11c866e98efd9d8fc56fa2b4578bce18dba02

  • SSDEEP

    49152:VFYcuM8oEQ8Ts1cQ9mXs6j0RHDLQbFhWH8tWG:zuFQ8TSl56gRjsbiqT

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
