General

  • Target

    bb88aaf25690e97bb6dad8fff86e3d00N.exe

  • Size

    2.6MB

  • Sample

    240721-nw7pka1gnl

  • MD5

    bb88aaf25690e97bb6dad8fff86e3d00

  • SHA1

    019c186c2999ace1395078db7ae6ec3d45d18b37

  • SHA256

    49a304d68501b3ecc375f09909ae0f409e44825caf22927182a607d68adced06

  • SHA512

    ac2dc5e54b900640d35c15c6c1a2cff12183174fe8e616069b0c6b4b14ebe2814a3baad6041c8625b6275c0890e71685e96396862d1f0d524a85228f89543069

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBMB/bS:sxX7QnxrloE5dpUpXb

Targets

    • Target

      bb88aaf25690e97bb6dad8fff86e3d00N.exe

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application
