General

  • Target

    qqOptimizer.exe

  • Size

    18.5MB

  • Sample

    240427-1elf8ahd2x

  • MD5

    c9df4d23ad28861982bd8bba0a09c6f6

  • SHA1

    da45943762612abce8ada7eea3634a35fe714407

  • SHA256

    8eff51fe0ddfeeeaf549141f2594cf731d26490344139f8abcdeeacbd3837d27

  • SHA512

    ea918c8e7f0eeefd88eca4f23c14e38402666b9763b3fb2b743f264c09f4c7acaabd20586d3f24012191b326d10588bd3532d169f249a01d105d87feeeb5d555

  • SSDEEP

    393216:Tu7L/1aUQT+paL2Vmd6mXVBkGCw1DW8B3+d9p+AMJlHU:TCLdaUQ6payVmdl3+4W8BOd9peNU

Malware Config

Targets

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks