Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    API.exe

  • Size

    6.6MB

  • Sample

    240421-y9zwzsbd3s

  • MD5

    07fcda5e8c88548ab30e7a26b0304d8a

  • SHA1

    b6abf49f34ab1465cd6f671b2148e5ddcaa2f152

  • SHA256

    0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458

  • SHA512

    cd6cb17854b0e47efb7325f22d119976a1a6fefd968e601ad0869c2467fc83f395bac237536d009aa8aac5fa22a594c711c05498019436f3503a6e7d90680b92

  • SSDEEP

    196608:Yry7bJ7hEDOYjJlpZstQoS9Hf12VKXPXC9b8CuVj:5lEBpGt7G/Moy9bkj

Malware Config

Targets

    • Target

      API.exe

    • Size

      6.6MB

    • MD5

      07fcda5e8c88548ab30e7a26b0304d8a

    • SHA1

      b6abf49f34ab1465cd6f671b2148e5ddcaa2f152

    • SHA256

      0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458

    • SHA512

      cd6cb17854b0e47efb7325f22d119976a1a6fefd968e601ad0869c2467fc83f395bac237536d009aa8aac5fa22a594c711c05498019436f3503a6e7d90680b92

    • SSDEEP

      196608:Yry7bJ7hEDOYjJlpZstQoS9Hf12VKXPXC9b8CuVj:5lEBpGt7G/Moy9bkj

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks