General

  • Target

    Setup.exe

  • Size

    37.6MB

  • Sample

    240721-nmhn3sygqg

  • MD5

    578301380ec4b2da9433e8e9a13e725f

  • SHA1

    abc3b5d3668f7436c60e15abdb10566b25ed2d2b

  • SHA256

    f03ff5ad41acc12ee8b940934a1341f7bdd98e09eb9a6c92704e2067020f8b41

  • SHA512

    b6f893c1fdb1d11bb40429fa554cc8a7f4bd49e5766c3a47a2dcb90e5eec6ba5c71c8cc02466c51f9c6775ce0100788087693649656f6aeaca7a62c5c0e01125

  • SSDEEP

    393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mg896l+ZArYsFRl0PX:R3on1HvSzxAMN8FZArYssPv0q7OZaFN1

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks