General

  • Target

    Internet Download Manager.rar

  • Size

    11.9MB

  • Sample

    240528-fraj9sfd8v

  • MD5

    973b6cb90e7c1f6c47eb05b3dbb0b233

  • SHA1

    6722948353cb8e7399f69e5f0226fcf11aa18138

  • SHA256

    339856af82196c7f53ff60568dcad882d1354193d610b198bc7fd9d5a5cba700

  • SHA512

    121b9956687ec84cd417399d142b85aecb10107e694418d354c5fed25c6719aa0bc80481d5acb5f06485a5e4182ad4705c2bcf2aa8091d57556a1daee40bf4b5

  • SSDEEP

    196608:DJMoqf6ZgYB7OjwVDysxn78z1WEMZ5pyM39XGBWUGn6GARPkXOpqvRn+zPxNFc9W:Dioqf/YB6jZ2n78z2sMFWWLiaOiJKP7T

Malware Config

Targets

    • Target

      Internet Download Manager/IDMGrHlp.exe

    • Size

      507KB

    • MD5

      17b96559486f6d9194a4fbee84248257

    • SHA1

      f112c3beda5f6ed5debcc9d1dd117623c77384fb

    • SHA256

      b3b6281ea820eae8192e50b30698cf4c3b8bc3d4376c978403bc9e18e5857c23

    • SHA512

      a16f778f95cc39aa55760b72cd3a37a515a3d04f040f12ef865f8ba1cec3bb574bca97eb6ebd86f78d8235dad27a858e7e3fd6c9b3b87075ab220f6e581c3fd0

    • SSDEEP

      12288:B5j7m7bY95bVvxuWxrrv3bE2Xaq78vODPFagF6:3OQvxuWxrfE2Xa9vODdagF6

    • Score

      1/10

    • Target

      Internet Download Manager/IDMan.exe

    • Size

      5.7MB

    • MD5

      0cb2421a44f78d903f26fdacba065d63

    • SHA1

      5c91b53852b055865e46d213679cb76e99905c9a

    • SHA256

      cbc46abe4e9a201d366cdd95ae2d34776328b6dd547c8487274006cec26a793a

    • SHA512

      8678d1aba5cef43473501f793253d6244bff78027195beb1225081beedf3097f6c346aeced7c7df15d539ad0dfd41a9e240c44166e3458f8c7cfcddcb5d07d19

    • SSDEEP

      98304:hkGfMJBeiJ9a3N8rP4j18frP3wbzWFimaI7dlo:OhBeiJ9adygbzWFimaI7dl

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      Internet Download Manager/IDMan.exe.BAK

    • Size

      5.7MB

    • MD5

      0c889b8415364665b7bc6e5fc62725af

    • SHA1

      a93e0c73c53b5f80d9d62b403999794479fab716

    • SHA256

      1e273066687517e46447b352dd2f6c836e7c8109ef7053d286c0dd3432eb8cca

    • SHA512

      922a89714e7cd86e05c62579344cda82cdd531556ab5255ff41a85a58c9cbfe294f9dbb00d4a9cfd94420993587920eb04ef850951cb961612980e049e40f618

    • SSDEEP

      98304:9n4fMJBeiJ9a3N8rP4S18frP3wbzWFimaI7dlo+:RPBeiJ9ad9gbzWFimaI7dl3

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      Internet Download Manager/IEMonitor.exe

    • Size

      375KB

    • MD5

      7631c33878c331d7396679b0c391fca8

    • SHA1

      77ac7d3e4d50a67751b7577b4e284aaa7245733d

    • SHA256

      c8fd8860e9a05cc61684ca7a4fea22eda721e701ee717dc039f52312d8d21be6

    • SHA512

      4f7ca574794fcd5eddb1bb94919e63fb9ddf35dbd451b25ed30db0ba1b3ab3c373fd7f7d99794456c1ca0532a3b494c5ff85c1906936b504c787172326860892

    • SSDEEP

      6144:1jBIBdVp4/GMlkkcTWponHXVRO2vaMByhCjFp5aapeVbDWTdhqMQaPRGugx:1SFMlkXTWpvmaMByhopIaCbiTdbGF

    • Score

      1/10

    • Target

      Internet Download Manager/MediumILStart.exe

    • Size

      51KB

    • MD5

      d44f8056ffd0f578d97639602db50895

    • SHA1

      58db1b4cae795038c58291fa433d974e319b2765

    • SHA256

      a4fda3af1c386028b46629e6f5113b36aab7e76278ea6683b82eb575dfb9be7b

    • SHA512

      e38f4cd19f3a5a227f2a15ff4f5c360125393980812969190435420fde90b5b25ec13c4f79ae5d4bf02f4bdb043a9d9e9e59ee92ca01ce1fcb1fbf327e37996f

    • SSDEEP

      768:wRDNL0gly4Rps1+Ro9HzvV/6izuJa6R8pJthBy4WYiTAMxkEbR:wbL9PJRKz5iRI/hk4W7Tx5

    • Score

      1/10

    • Target

      Internet Download Manager/idmBroker.exe

    • Size

      153KB

    • MD5

      e2f17e16e2b1888a64398900999e9663

    • SHA1

      688d39cb8700ceb724f0fe2a11b8abb4c681ad41

    • SHA256

      97810e0b3838a7dca94d73a8b9e170107642b064713c084c231de6632cb68a9c

    • SHA512

      8bde415db03463398e5e546a89c73fff9378f34f5c2854a7c24d7e6e58d5cdf7c52218cb3fc8f1b4052ce473bb522a2e7e2677781bcdec3216284f22d65fc40b

    • SSDEEP

      3072:5V4QdqBKAsUJYwLy8dTc2/MzdVe2Vt54fytZdz:5VuEA9OwLy8dTc2msqYedz

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks