General

  • Target: sutup-Chrome.13.26.x64.zip
  • Size: 15.1MB
  • Sample: 240426-mr3dlsef76
  • MD5: 3da317519de2f2dea02bb16894317051
  • SHA1: 6926da5cba7aed9eb370b338e38990c0268668ee
  • SHA256: 44abf0cadee82f049bbc3dfeb8277529d3650f6f76fb76e00ec65228b8ec21e6
  • SHA512: 134ac0c5075f3d08e078a5f369de4dea04e9369a504ea4657c6921af3a6ba2ee635e8bd394dca4c03bcf3cb0f8838d3421cdc49858dfe084465ed48d588038c0
  • SSDEEP: 393216:3LXgE3gw94y+TBxJhVAa6Q03eE2ytIy963gHe8swneCMjeD4:bQEITJX/yAQ+8Nn8

Targets

    • Target: sutup-Chrome.13.26.x64.msi
    • Size: 15.6MB
    • MD5: 86561e111e7ce97e13a9936b9b4ba849
    • SHA1: 61cd40da9253a367e416c9ab67e73738f18948c3
    • SHA256: bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88
    • SHA512: 33d26416412d777fb2758bc41b44a9e9107906879c85bb4609702242deb2bcd83ed8a5f5da7a1d3e4662ca7b31dbfbbe1faa8364952546ff600136e8c2cf7d54
    • SSDEEP: 393216:qCBN2m9uaDsIqvv3/L/2m68UzYWIMWLBM36dmdRwhm7YLp:RkmqvHv1M/q8dOh

    Behaviours observed:

    • Creates new service(s)
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Modifies Installed Components in the registry
    • Modifies Windows Firewall
    • Sets file execution options in registry
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
