General

  • Target

    f4819c22d68d4549c9ea1b6d675f1465d41e9e7b63c7d5d63909ab4b1cbc43ed

  • Size

    255KB

  • Sample

    240508-e5cfcadd93

  • MD5

    740ea66177e5ad75c64a090826daab0e

  • SHA1

    557e57c972341ba0c236fb8c8e0a0478e75ae220

  • SHA256

    f4819c22d68d4549c9ea1b6d675f1465d41e9e7b63c7d5d63909ab4b1cbc43ed

  • SHA512

    7447978883e4de57219034e193aac65c9e4557b91212903186583f0b5e89c5aff31d7199c286b86b8c32c8c637807b51c210112e23004bf3628dca7b4198ae3e

  • SSDEEP

    6144:lf4/sJYWd+ZO+oTcboiSLhCGnFo7ksYKFn3DqFn9W7:lf4QlqMT0oignsd3r7

Targets

    • Detects executables containing base64 encoded User Agent

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
