Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7e2888d7d6e7cb3468f03a3634996af3a123009c74daaf6fabe496107820dacc
-
Size
2.0MB
-
Sample
240723-jbfccsvamg
-
MD5
71b31ffe85f5bf984ea7c3b5d0166b9a
-
SHA1
7767ef583b3690a66aa65a07ad6703dff8233d5a
-
SHA256
7e2888d7d6e7cb3468f03a3634996af3a123009c74daaf6fabe496107820dacc
-
SHA512
c386a0f4d8787c908b2c6ccec849e1bf95ea9aec13fb7cb83cf69a21045384f45801a9673b06a283add1ca870ee829af5b42d281d0e6dd9a52eb051fe10cc168
-
SSDEEP
49152:OqbpxOpI9RBxy4mjrnSw/xAaj+3WFpbyIX1FiktUs6/cuCY3C82x:OaxOpI9RWBzJbF5/ix0uCYy1x
Malware Config
Targets
-
-
Target
56e85cf5461b41717ecb9aa132c1e321348c273c11f50ca0e01e08153c54b27e
-
Size
2.0MB
-
MD5
127ad848bb4876ccae990b14846f8e8b
-
SHA1
18816cec922e7a4fbf487422b9847c6c122276f3
-
SHA256
56e85cf5461b41717ecb9aa132c1e321348c273c11f50ca0e01e08153c54b27e
-
SHA512
635962ea4b253827d84a2284f6b0d09dff4ee75d2e51354d306114a0483fa405408a679eb0aa3dd5fcf64b66c6a372a6bf868582f7327c643640523e32ee9c23
-
SSDEEP
49152:wsDcZ3PNT//kzv0V7tKzpMdV3+SklVAAFq3Pux7PB:wnOa5ApMLKAmjB
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-