Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Built.exe

  • Size

    6.8MB

  • Sample

    240706-bvsg2a1hlj

  • MD5

    e804e063514ead0c7a9b984414798123

  • SHA1

    7fddff7ae8b6edcefd919cae4130f8ebd8150c16

  • SHA256

    5d75e738b9c615b8a141a98b7dcd9dfa697567f95572f1269b4cd773aea48563

  • SHA512

    f7d617c2ac414fe90b3dba9750cfb167bbca140fb86a89ac827a153cad29011790a8492e95e49dbcb9e72cce8b6df092da1689240dbcf93bd296e218df1d5cf2

  • SSDEEP

    196608:qrJ8V17B6ylnlPzf+JiJCsmFMvNn6hVvTz:lBRlnlPSa7mmvN+rz

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.8MB

    • MD5

      e804e063514ead0c7a9b984414798123

    • SHA1

      7fddff7ae8b6edcefd919cae4130f8ebd8150c16

    • SHA256

      5d75e738b9c615b8a141a98b7dcd9dfa697567f95572f1269b4cd773aea48563

    • SHA512

      f7d617c2ac414fe90b3dba9750cfb167bbca140fb86a89ac827a153cad29011790a8492e95e49dbcb9e72cce8b6df092da1689240dbcf93bd296e218df1d5cf2

    • SSDEEP

      196608:qrJ8V17B6ylnlPzf+JiJCsmFMvNn6hVvTz:lBRlnlPSa7mmvN+rz

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks