General

  • Target

    dfdce39be05c7bd1a5c96aa03ffd90e58badef930482ac2e37c91ce17900f572

  • Size

    1.2MB

  • Sample

    240411-d74f6sbc95

  • MD5

    b2a75aa3954c3394702beb7fded2d106

  • SHA1

    fe60afcae7c866aa78baeaffa0ffb21ff5a11d59

  • SHA256

    dfdce39be05c7bd1a5c96aa03ffd90e58badef930482ac2e37c91ce17900f572

  • SHA512

    acac3b031ac2ada8dcdf9646bb96e741e6a9420fe3fe99a9cba486fce8d21e77a9fdd5a58b0ec2aab2aa1b60e44517c581dbc7d6a0c0cd5a3805df38dbc381ef

  • SSDEEP

    24576:sSLOZt1yOHm/LxJ3kmYkHPS/Q9tqxQZFTa4CYvLzZtYMhlSs:sTyN/L/Rxa/CtQQZF2evLdtYMD5

Malware Config

Targets

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks