General

  • Target

    osint.exe

  • Size

    8.6MB

  • Sample

    240705-tdmvbstdqd

  • MD5

    3818e1b208a5e2b87e33605401d51bf7

  • SHA1

    fb6654fef194c15fde955384288c5fe26652d4c7

  • SHA256

    c1da27820a0d014e035568229fd2fcf60d0b55f09082a3a31d8c1f2ef244a48a

  • SHA512

    a39e5a6c6573dfc3134f9b0dff01b3617f0b626bd7a3873888f73c32674e0d87d9d4a9a7eded4ff6e08e6e1714ea580aa7b12a44ffeef79014e044cd1f6b90bd

  • SSDEEP

    196608:qnp//E8pA1HeT39Iigw7vKub75bcjWgb66e7GJzfoAkj2zWlRYW:f8C1+TtIiF7vB5IjWq66eCzmSW

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks