General

  • Target

    a15e9db04994b573a9d20f057b3e673f5a260c1f33380ccc40c4c8a0a75453de

  • Size

    407KB

  • Sample

    240424-spp86acc6x

  • MD5

    150a8dda54467dccca91480c9b5fdf94

  • SHA1

    1acf401abee8209ee8bd993589703a3871a3687a

  • SHA256

    a15e9db04994b573a9d20f057b3e673f5a260c1f33380ccc40c4c8a0a75453de

  • SHA512

    142ad096bf6e6a8a682f7f7facab78da88f86b0e7b7787d6bfcd5a2813b0b084ba130b3a9e1f9f59c2e9587a32a50872054256b180663affd1e8bbd906a68ae7

  • SSDEEP

    12288:hKPo3tbRSxp3IxzHxQ3OwdO8kCHm/jqe8BaP:hbRSxGxsJO8kCGrVUaP

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks