General

  • Target

    ac27dc7b2f18d58d2973ee2f498af390N.exe

  • Size

    724KB

  • Sample

    240716-my5gjs1grc

  • MD5

    ac27dc7b2f18d58d2973ee2f498af390

  • SHA1

    50a780ba391b1a48a9b449dca785bc194a51e167

  • SHA256

    178e381b3ba0272af35bff751869860285db8791ebf918d0df375d9897e67eff

  • SHA512

    abd0f2e47a5c7f50c43fc74125b217afc63cba9d771f13ad200b1342bace1a643fc02e714bf0ec5e6739fbd573de20f381a0776998621c81abe920b377a7f363

  • SSDEEP

    12288:lXa8s4Jw5/da6vtI2Ra3E328f2g5ggRWEdjtmQa6pz9gnh7n/h/B0n:lq8DJw5A6ve2Ra0d1JdRShb/hmn

Targets

    • Target

      ac27dc7b2f18d58d2973ee2f498af390N.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
