Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Avira Phantom VPN 2.41.1.25731.exe

  • Size

    7.2MB

  • Sample

    240430-tal4macc37

  • MD5

    bf245b7db7637e6b2991105f62cc76de

  • SHA1

    1d7252929d5c4cb404a34e553b72757729c701d5

  • SHA256

    c414e764c53a81c6beb2c393635044661da238380492c182162b37f3e82a8c89

  • SHA512

    08380e7ab2012f453ec4cb72646ca3a920d32f2f253f5c956b239780d1d08e434c4353580f6f9c95317b0e76810bc9351def59039350b96a4d989ece80722076

  • SSDEEP

    196608:cI+4fSWrh9ry+5jCyVCavZ7jnEDHGV6uXVM4Fz6Krg:cIBZrXryiC8fnImV1zIKrg

Malware Config

Targets

    • Target

      Avira Phantom VPN 2.41.1.25731.exe

    • Size

      7.2MB

    • MD5

      bf245b7db7637e6b2991105f62cc76de

    • SHA1

      1d7252929d5c4cb404a34e553b72757729c701d5

    • SHA256

      c414e764c53a81c6beb2c393635044661da238380492c182162b37f3e82a8c89

    • SHA512

      08380e7ab2012f453ec4cb72646ca3a920d32f2f253f5c956b239780d1d08e434c4353580f6f9c95317b0e76810bc9351def59039350b96a4d989ece80722076

    • SSDEEP

      196608:cI+4fSWrh9ry+5jCyVCavZ7jnEDHGV6uXVM4Fz6Krg:cIBZrXryiC8fnImV1zIKrg

    • Creates new service(s)

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks