General

  • Target

    LIVE-WindowsPlayer-version-24872f7beace4d0a.zip

  • Size

    41.8MB

  • Sample

    240502-bajz6aed22

  • MD5

    b3f101953b44edd90aaa8648dec93717

  • SHA1

    99c8e8f6c95420657cd1e002d9fb974e9018e153

  • SHA256

    321c02faec1abcf85c3b733ee994b401db25585b4987b672ed2c4d68e66ded6e

  • SHA512

    270d1580e863e7a9ed8e8c86c628fefb1bfcf78a58b411771a77409e023b7b247f074bd7757c377310efed90d19b84103f2b370153819495de5a4faf2cef4b68

  • SSDEEP

    786432:Zz/UXprSUA91APLFXNOQhE6d9v4VJ/7zY:R8XprSV0LFdOQhE49v4VRY

Malware Config

Targets

    • Target

      LIVE-WindowsPlayer-version-24872f7beace4d0a/RobloxBetaLauncher.exe

    • Size

      17.7MB

    • MD5

      47b060421b60734cdded37210e70953d

    • SHA1

      31c342e6fb9f640f15c954a158f924247ca508cd

    • SHA256

      dbf61e3520db8f7cc121ae3a8f6991fd58002ea5561d402f5bac443b2dbb6749

    • SHA512

      6d7e48b3f01336a31e65d776ed4ab14b7e8ca6cc5549b399a1ed1cad58a4033e8a3e91948fc877ea7b8490a3ba7109913b22523905bfce080c09bd57fdecf2c0

    • SSDEEP

      393216:iqPnLFXlrPmQ8DOETgsvfGF3FgKEvEYcpAkq:nPLFXNOQhE6d9v4

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks