General

  • Target: Fnn5Ap3.rar
  • Size: 6.2MB
  • Sample: 240416-wcyljsge39
  • MD5: c3c9adff3d8341f8fa0f58413bacc287
  • SHA1: 2276279cf3e153d68541e71b283e383307bdb200
  • SHA256: e9b75e4351e9bfcaef1df3822dc94fdc588dd2a95074d9d5044a058ae869273a
  • SHA512: 5f5ab50c9f0b7971196856c696803ad33419f18d4cd889347d6dc4f141c4e6f2c27384e8e1531bd7413ff6ee6b28a9c9ebfad3551f0976174780c6b3d6a83bd0
  • SSDEEP: 196608:9F2Je5UY0zDzb3lC5c5ErXFEhv9Okjw8cyAtzli:PceKhzb1C5c5EyhvnUFyOzli

Malware Config

Targets

    • Target: Opium.exe
    • Size: 6.3MB
    • MD5: 51a4b92d3d474b74c99f9bf8006adcf8
    • SHA1: 876c3445e81651d207beedcdbc42384b7c6579f5
    • SHA256: 25f1cc14c6f92b5300f016dbd6fae84ccd5e8c95cada73463b3b4963fcf12f16
    • SHA512: 7aec357d2b1ed372f193ebed8a3dde3ece67d7ca76036c0a00c74141ea15a8dac4d6c1a34a9cc039110e993c6b4fbc11d85a251a69224752620badbe0a340778
    • SSDEEP: 98304:CQ91G75YthUySccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1SX:F45e6ySraRRnz+R8zmPf1D7JX

    Score: 8/10

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks