Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4454e9365eaaa9e8ed865a83b3abc6c95683b965fa6f970e8c4e44e1a0e2496e.exe

  • Size

    1.9MB

  • Sample

    240705-lvma5awdlq

  • MD5

    5c1018fd884545012bf0e89bb6d9b1c0

  • SHA1

    9895e0c712405f22c86a3282adb444a17b881d98

  • SHA256

    4454e9365eaaa9e8ed865a83b3abc6c95683b965fa6f970e8c4e44e1a0e2496e

  • SHA512

    1a9f3361db3e97e93b010cf5c03cfb0a2981f8ebc5e6cd024d7876a31d580e00424af783d74b1e5cbaeceba8b874e2e4154fcd8c4ca97dae557d604ab4926439

  • SSDEEP

    49152:VTJG5jSps2zMraYnl2hmJuCxpukIDu/zYZz7yFG+iT0B8Jx5FXE:20s2Arpl5Puk4UwywT0WLXE

Malware Config

Targets

    • Target

      4454e9365eaaa9e8ed865a83b3abc6c95683b965fa6f970e8c4e44e1a0e2496e.exe

    • Size

      1.9MB

    • MD5

      5c1018fd884545012bf0e89bb6d9b1c0

    • SHA1

      9895e0c712405f22c86a3282adb444a17b881d98

    • SHA256

      4454e9365eaaa9e8ed865a83b3abc6c95683b965fa6f970e8c4e44e1a0e2496e

    • SHA512

      1a9f3361db3e97e93b010cf5c03cfb0a2981f8ebc5e6cd024d7876a31d580e00424af783d74b1e5cbaeceba8b874e2e4154fcd8c4ca97dae557d604ab4926439

    • SSDEEP

      49152:VTJG5jSps2zMraYnl2hmJuCxpukIDu/zYZz7yFG+iT0B8Jx5FXE:20s2Arpl5Puk4UwywT0WLXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks