General

  • Target

    krampus.exe

  • Size

    7.3MB

  • Sample

    240508-tj656acf3y

  • MD5

    7770c30f380ca15ac76189221cb6d07d

  • SHA1

    3d177e8302279f080a405bf5ff969e3738a285d1

  • SHA256

    bf679883646041dae5b484f1f8dc9f134124d2d85611837c49ffa1ab2f54a39c

  • SHA512

    e8c3746d0acb587c03e57c0d726447e84c6c1993f8decf22ff207f1711e4717eb149a80514fbf33a97c7d1d81bf45c0af03bff2f2194feff36e3a7f21824c8fb

  • SSDEEP

    196608:3r7dYS6qDOshoKMuIkhVastRL5Di3uh1D7JQ:dYSNOshouIkPftRL54YRJQ

Malware Config

Targets

    • Target

      krampus.exe

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15