General

  • Target

    virussign.com_c6ff1ce00a5e6484de89d9d090ba0da0.vir

  • Size

    75KB

  • Sample

    240528-taxkcsah3w

  • MD5

    c6ff1ce00a5e6484de89d9d090ba0da0

  • SHA1

    52a67cb5a09fc9a2fd9116b760c4a1feeb5d48cd

  • SHA256

    b976782c527a56edc4a8aa79c9ec2cdf3159d0336926643e78f6a1c45dbe7040

  • SHA512

    c3daffbc7edd623acf6d8b09c55695d880ed401b23dc263fad2e2cdc6f92593c8d4ae5e30d119a733a64156559bd8e38f0c3f8c4d11ab4070ea6beac282412bf

  • SSDEEP

    1536:1x1Qja7luy6y0s4sqfkbnAKBOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3s:fOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPE

Targets

    • Target

      virussign.com_c6ff1ce00a5e6484de89d9d090ba0da0.vir

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
