General

  • Target

    b5f8892249e83bf069f1253c2af3219e4471025855f315472ab9b787c9abd5c6

  • Size

    89KB

  • Sample

    240604-carknshc9x

  • MD5

    c944bb0548937bcaeb27b59efd866912

  • SHA1

    59fb5f7d37690f950edf70ce7dd8abb1d634d3d3

  • SHA256

    b5f8892249e83bf069f1253c2af3219e4471025855f315472ab9b787c9abd5c6

  • SHA512

    2b644352fd9209f0f4f1976b2ec57cb058c98667dc385c2d0edb630d3a210df6122f207b735bc136ebc5b822ca5308a9c5c7019daf0e9381f6bf3d9f373c2a4e

  • SSDEEP

    1536:XHXqO6ZG03eyenOj9lgA/PObuTMT5NMCfL7ojaZf5aZlBlG7:M1uF6Feu2NlQOBcG7

Malware Config

Targets

    • Detects executables containing base64 encoded User Agent

    • UPX dump on OEP (original entry point)

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks