General

  • Target: Eleven.exe

  • Size: 245KB

  • Sample: 240513-tkpbqsea93

  • MD5: fe7e313a10d6c8b7f3520851a31b479a

  • SHA1: af28d7f96404be348f5d8f354169ed0d7ad5660a

  • SHA256: d50ebf3a3a55e22195e53edd557618e2d9b0d4903a14bae33dcd1351e16590a3

  • SHA512: 9cafc803381301cc73a781f21fb63c3c27b4cdb60bf0857c03b2a4661cbc5a2aa20d069e44fbb9bdd76626093e38b4b770facf93e6e9e6c63ce8b774620f569a

  • SSDEEP: 6144:Nx/LcTEyF1dH3VOVw44UOisbaxHUsAxyOzk9jAUdubJ:MBREcUkHxy8yAb

Malware Config

Targets

    • Target: Eleven.exe

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks