Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0c9907387700a1b92bea706727f973cab6ac5666a0457d30407c93b8ff76be28
-
Size
407KB
-
Sample
240627-y9ynxs1glr
-
MD5
5e9f41310effb06dd2a3532d66fd2cdf
-
SHA1
79736e3f664930447f20f14a9b3b328ed761dca9
-
SHA256
0c9907387700a1b92bea706727f973cab6ac5666a0457d30407c93b8ff76be28
-
SHA512
7fae48ef836e8785ddbb8a5f7a7a3af73c178951b9c6638005440482680458652b96b3b89bb636ac09c30efab1ffc8db31615f575e9e96f67265a1bb875b6034
-
SSDEEP
6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4v:gtRfJcNYFNm8UhlZGsev
Malware Config
Targets
-
-
Target
0c9907387700a1b92bea706727f973cab6ac5666a0457d30407c93b8ff76be28
-
Size
407KB
-
MD5
5e9f41310effb06dd2a3532d66fd2cdf
-
SHA1
79736e3f664930447f20f14a9b3b328ed761dca9
-
SHA256
0c9907387700a1b92bea706727f973cab6ac5666a0457d30407c93b8ff76be28
-
SHA512
7fae48ef836e8785ddbb8a5f7a7a3af73c178951b9c6638005440482680458652b96b3b89bb636ac09c30efab1ffc8db31615f575e9e96f67265a1bb875b6034
-
SSDEEP
6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4v:gtRfJcNYFNm8UhlZGsev
Score8/10-
Blocklisted process makes network request
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1