General

  • Target

    Screenshot 2024-04-23 3.45.58 PM.png

  • Size

    360KB

  • Sample

    240423-z2qtsaca37

  • MD5

    5641fde0bd72e9594a5656d9d630d883

  • SHA1

    a26e86d9e143c67cb9cdfce554a8373b72ec6fdc

  • SHA256

    52e84685350b6d7ec1885f187fdd8417994ce653566555472fe98b4a8bde8eaa

  • SHA512

    797c07db95a5a9f0ed254a607a4dc0e4b8aa398b3868eaffbe2c541be28b316212732472340e2afefefcef9c4e827e51c435ba2a7522bedda51e5994617f09c3

  • SSDEEP

    6144:Zwcq+lFhJB1HkuA/jXbOXrMoX9fRiAKyTilfiv+AvrV/GRKuVfnokI+2Dcjmx:5hfTA3OXrfNJiANVv5vrViXlicjmx

Malware Config

Targets

    • Target

      Screenshot 2024-04-23 3.45.58 PM.png

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks