General

  • Target

    pic.exe

  • Size

    111.2MB

  • Sample

    240514-wdb4yahb38

  • MD5

    9619c3daaf9bdfdaf8e1d71d8ff7709c

  • SHA1

    dfbd49422dbb0860e7a00bf58521f5e03f75060a

  • SHA256

    706ccf2efe020871260fba69c23ebcb6320defc1fff425427d6d729ab7169285

  • SHA512

    cf98e8a8edf23f23c7602f49ff88ec17475dec1831405fb2ed9f053345bcc13cff62415b12f467f3907d39a7c23d2291523aed4f663a593ec89c4d62013bf2c0

  • SSDEEP

    3145728:BIgYRPSC++6y9JXJJXt/VG6RmtCRlGPrFT2qHO5i2KGaS1J:BIxaC4y95L5mERlurHCi2+y

Targets

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry
