General

  • Target

    D-Delusion.rar

  • Size

    7.3MB

  • Sample

    240526-23ffjsgc87

  • MD5

    e353afe3cc54217216ba4aba2e7bd777

  • SHA1

    3259b7cd72bb864ec14494ce956cb11f6af5ad28

  • SHA256

    f9e0409810ad0093917c0006420bb5a051ec19949c7128296192a04a93f85794

  • SHA512

    0ea0521e4b1b7b10709fccecefd743553d87105b761c4a69933999741f2c7a7fdfe2bf0c181576bb613ad927a2cc7c75b891b7d1498f2d9e690e64c881caf3cd

  • SSDEEP

    196608:YgiA4i1xM0WIwaLCeowJUyux6gFNWgRobvfDZM:xki1WCLCX8HskgmjZM

Malware Config

Targets

    • Target

      D-Delusion/Delusion.exe

    • Size

      7.5MB

    • MD5

      f8c63eca8b26883c30d2240008b07150

    • SHA1

      ccfe5cf24b93114ceb5eca37d9412d3d5c9abd51

    • SHA256

      1bbd2b8817ad1726c8bcc7a13611164010bf04f70527e0bc61c2e408c23330f4

    • SHA512

      8b8f31931bc58dbefbaf74ca6072cdc91993eb5bfc2a683725939e44d935a5af53bf61a1fcfba4b061c362ad51b9efc45adffb94344cbf3806595272848d7f70

    • SSDEEP

      196608:ar97YS6Kc5OshoKMuIkhVastRL5Di3uh1D7J9:CYS85OshouIkPftRL54YRJ9

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks