General

  • Target

    rename_me.exe

  • Size

    37.6MB

  • Sample

    240626-qhpb6syfqk

  • MD5

    386044ac78761195dc1cb9ed918bfd09

  • SHA1

    aac832e2908b24d90af2931d5d98878bf046c2b0

  • SHA256

    d2aa93a274505ba40616e3fe4b2753c5f80bac609dd3c3a8410850dd214258f0

  • SHA512

    465e0e8444a68e6769a44d2c9866148739b23faec030975385b286f66d689d4e6630acef9bf4788a398dc18ef24d36955c676f001cba2aaeedd891ec95aa340f

  • SSDEEP

    393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgX96l+ZArYsFRlCq1:R3on1HvSzxAMNXFZArYs9/3WL4TYdTO

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks