General

  • Target: b4b9776e34e04128c8b6dc9687c5df2d4f516812d49208a5f62fb2812caa3da1
  • Size: 403KB
  • Sample: 240425-tr4p1ace44
  • MD5: baf16c2c158fbdd477d7f56dd15a28e8
  • SHA1: 11c539c452866e09a4bdb56aa102d8b69d99ab15
  • SHA256: b4b9776e34e04128c8b6dc9687c5df2d4f516812d49208a5f62fb2812caa3da1
  • SHA512: 82c91d7c4c2163061fc04b3700718c64b088493057033e7f5d34bf156b0cd11e702030cc5d1546506d3592e720e6afb574b7544bcb87ff367430ebf785fa03f4
  • SSDEEP: 6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse

Targets

    • Blocklisted process makes network request
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
    • Suspicious use of NtSetInformationThreadHideFromDebugger
