Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    49ff72ea3ea290189817d7ae5fa34110N.exe

  • Size

    1.7MB

  • Sample

    240719-d33zvatgnh

  • MD5

    49ff72ea3ea290189817d7ae5fa34110

  • SHA1

    32be17d3be3ee783af5ee5b86664fff4d8ca963f

  • SHA256

    20830725a8f2eefedfcf876dd97e9cb9194a2d267d0393ae1238c66a847d214d

  • SHA512

    ef946777934a25dd2c5dd0dbe5ffcdf02a2f93ad396d997e793142e9e3870aa5492fa7b580284ee2349a43e11d9ec2ea5b3b5172304cc57ac6d6ccb6d72787af

  • SSDEEP

    49152:AIQW4dRl8cW4qWJ5i63r+tUwvaCFYTkB4Hqckyh:JQjR2jKiOr+xYZbT

Malware Config

Targets

    • Target

      49ff72ea3ea290189817d7ae5fa34110N.exe

    • Size

      1.7MB

    • MD5

      49ff72ea3ea290189817d7ae5fa34110

    • SHA1

      32be17d3be3ee783af5ee5b86664fff4d8ca963f

    • SHA256

      20830725a8f2eefedfcf876dd97e9cb9194a2d267d0393ae1238c66a847d214d

    • SHA512

      ef946777934a25dd2c5dd0dbe5ffcdf02a2f93ad396d997e793142e9e3870aa5492fa7b580284ee2349a43e11d9ec2ea5b3b5172304cc57ac6d6ccb6d72787af

    • SSDEEP

      49152:AIQW4dRl8cW4qWJ5i63r+tUwvaCFYTkB4Hqckyh:JQjR2jKiOr+xYZbT

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks