General

  • Target

    891617216f4b2e8f831f9ee9dc6f498bb82cbfdf7e7dccc3d22c15829e1d68bc

  • Size

    2.7MB

  • Sample

    240710-bh19eaxbll

  • MD5

    1a632077fc1f1b80d1363719450a2c00

  • SHA1

    23e946a1baf9217e2eba01758b03fc0d5c45666d

  • SHA256

    891617216f4b2e8f831f9ee9dc6f498bb82cbfdf7e7dccc3d22c15829e1d68bc

  • SHA512

    ac64daa5817c64606e753df6a43d5c0b00f5dbf212c0936bb86d9feb9950e9877e59e764b98942752fd27dacacbfea19e2fcff1f96b9abacb3536dd147306f0a

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBw9w4Sx:+R0pI/IQlUoMPdmpSpW4

Targets

    • Target

      891617216f4b2e8f831f9ee9dc6f498bb82cbfdf7e7dccc3d22c15829e1d68bc

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application
