General

  • Target

    Ectasy.exe

  • Size

    48.6MB

  • Sample

    240502-ynrngsef7y

  • MD5

    39ff44451f15bc03b60e370aac9768ed

  • SHA1

    a8b444a0275ab72ed6fbafc71282c621b16e4177

  • SHA256

    dedc2c4b5affbfc481e21b182d3870741223f13863071ad84ef9ad52d245f87d

  • SHA512

    8d387908860ea268bcc1a5e37b1f8262cec9332553295b0b4858b054d5fd848748ae7eef3e11446acdbc24e089b93a46b0b54b7e743f6fa64bcd6389ad689b09

  • SSDEEP

    393216:45S5AWfqy4gP8AxYDX1+TtIiFYY9Z8D8Ccl6l+gqE5PKk9buK+:+aAWfx4bX71QtIDa8DZcIlKbkEK+

Malware Config

Targets

    • Target

      Ectasy.exe

    • Size

      48.6MB

    • MD5

      39ff44451f15bc03b60e370aac9768ed

    • SHA1

      a8b444a0275ab72ed6fbafc71282c621b16e4177

    • SHA256

      dedc2c4b5affbfc481e21b182d3870741223f13863071ad84ef9ad52d245f87d

    • SHA512

      8d387908860ea268bcc1a5e37b1f8262cec9332553295b0b4858b054d5fd848748ae7eef3e11446acdbc24e089b93a46b0b54b7e743f6fa64bcd6389ad689b09

    • SSDEEP

      393216:45S5AWfqy4gP8AxYDX1+TtIiFYY9Z8D8Ccl6l+gqE5PKk9buK+:+aAWfx4bX71QtIDa8DZcIlKbkEK+

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks