General

  • Target

    2024-04-06_18521d5c8e5263fa7ae417dd481a71c4_virlock

  • Size

    140KB

  • Sample

    240406-rrhfnach55

  • MD5

    18521d5c8e5263fa7ae417dd481a71c4

  • SHA1

    d6507a96567440352318b2d8a713fe2090291822

  • SHA256

    6948f4a2aaab4ce48e19f40d768d05fbc950a3ad9c3ac20014df9e83006b2e5d

  • SHA512

    dc9d16d1822c5bdecfcf3c7420eb9428ca8099268cde9d61f6112c204947bbd61cca8f9442aecefee4bbfab331ee31abf58555a89f72a92e7a3c172d92b7aa2f

  • SSDEEP

    3072:IxCjePSzikrrcZo208ipBM26KIxInS/Yf0Go88dRyAVZwo6rXc7Xu/Hj:JKPXkyvipBM26sndfb0ZwMu/D

Malware Config

Targets

    • Target

      2024-04-06_18521d5c8e5263fa7ae417dd481a71c4_virlock

    • Size

      140KB

    • MD5

      18521d5c8e5263fa7ae417dd481a71c4

    • SHA1

      d6507a96567440352318b2d8a713fe2090291822

    • SHA256

      6948f4a2aaab4ce48e19f40d768d05fbc950a3ad9c3ac20014df9e83006b2e5d

    • SHA512

      dc9d16d1822c5bdecfcf3c7420eb9428ca8099268cde9d61f6112c204947bbd61cca8f9442aecefee4bbfab331ee31abf58555a89f72a92e7a3c172d92b7aa2f

    • SSDEEP

      3072:IxCjePSzikrrcZo208ipBM26KIxInS/Yf0Go88dRyAVZwo6rXc7Xu/Hj:JKPXkyvipBM26sndfb0ZwMu/D

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks