General

  • Target

    teardown.torrent

  • Size

    86KB

  • Sample

    240626-p553rsybjj

  • MD5

    d1d744adaabaa1c7c3afe04705d51567

  • SHA1

    ec7f7196e318567221f64f6129d388aaa87e0c61

  • SHA256

    082cdcb81ac344b77c26c779e8ba21e1d9a1bfd4baf39add124d0f5921f7c3e1

  • SHA512

    4d9b7e4277a4a8c5c8de4ced518cc142cbba43acd2bdb248bd781d3973f1aab07af92639af64e8ff82dfa3f4f228ebbadcedf8d58b0dc6722a119f8a2826706c

  • SSDEEP

    1536:ZIsOPc+X+C0dWDakfS1BYAaCd09RcfYiKdpLKwpr7zyP+usapxR/7c81:nI+C0dWekOYNq09RcfqEwpr7zisixFB1

Malware Config

Targets

    • Target

      teardown.torrent

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks