General

  • Target

    HitmanPro_x64.exe

  • Size

    13.6MB

  • Sample

    240326-y9zwzsbf23

  • MD5

    57ae72bca137c9ec15470087d2a4c378

  • SHA1

    e4dd10c770a7ec7993ed47a37d1f7182e907e3ed

  • SHA256

    cfeea4ea5121d1e6b1edbd5ca6e575830a0a4cbaf63120bc36639c44e1b89781

  • SHA512

    f80d6732e86a8d38db1ff43c0c5058013bd456c4b86b87018166ca073bc84fb8e7676b55371ae9cec668a77d198e1e7f6854a9a93581ed21a32167e3b9533f6e

  • SSDEEP

    393216:qPwSxE5xi6RP25MJFjrTuSne6Jz7N/S3:TxP2ufjrCq

Malware Config

Targets

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks registry for disk virtualization

      Detecting virtualization disks is often done to detect sandboxing environments.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
