
General

  • Target: 8c6f1ac547840ebdb190013853277ff0N.exe
  • Size: 136KB
  • Sample: 240727-ec89lsvhlp
  • MD5: 8c6f1ac547840ebdb190013853277ff0
  • SHA1: 1fb9da8b94d03702aadc24fd8f66d6b04e34c3ff
  • SHA256: c005eceaf2103414dc0e55daa5b53ae4ac2f4b2065393fecf69df0afa7db612a
  • SHA512: e7a4af272c3cb4ce41b8bb79452ed5b5807da1cf6cc419346d1ecc0d3d8258824f182cea32a96e0c6538ab510c6030d796e4ebcb60e0c9a936d07147942979a5
  • SSDEEP: 3072:wRnLy8MWmJf38TdTa1qXaPIdtXcS77Xd8ZWTnKYN:wpQeRa1k6IPMETd8ZsK8

Targets

    • Target: 8c6f1ac547840ebdb190013853277ff0N.exe
    • Size: 136KB
    • MD5: 8c6f1ac547840ebdb190013853277ff0
    • SHA1: 1fb9da8b94d03702aadc24fd8f66d6b04e34c3ff
    • SHA256: c005eceaf2103414dc0e55daa5b53ae4ac2f4b2065393fecf69df0afa7db612a
    • SHA512: e7a4af272c3cb4ce41b8bb79452ed5b5807da1cf6cc419346d1ecc0d3d8258824f182cea32a96e0c6538ab510c6030d796e4ebcb60e0c9a936d07147942979a5
    • SSDEEP: 3072:wRnLy8MWmJf38TdTa1qXaPIdtXcS77Xd8ZWTnKYN:wpQeRa1k6IPMETd8ZsK8
    • Score: 3/10

    • Target: $PLUGINSDIR/NSISdl.dll
    • Size: 14KB
    • MD5: a5b84d250794433db5a2d26f34699dd9
    • SHA1: bc06abccf6a4783973ec11b6766b43b4a265820c
    • SHA256: 96f3357a024c549d7cb9e6447b1a56a2a8029b4f12e6e597428e68620761c5e0
    • SHA512: 121d67f85a24096799ed913dccb64ef65d9479f98a6d88c2a0e05f05a65f460d557c5fdfe2c42a0a61b9cbaedd9b7031978111a2713250a89848ab4f3bb4ce84
    • SSDEEP: 192:/4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12FgszA:/ysdM80dCI5a2LsQ5IlPNRY00AlAbU
    • Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 10KB
    • MD5: 7d85b1f619a3023cc693a88f040826d2
    • SHA1: 09f5d32f8143e7e0d9270430708db1b9fc8871a8
    • SHA256: dc198967b0fb2bc7aaab0886a700c7f4d8cb346c4f9d48b9b220487b0dfe8a18
    • SHA512: 5465804c56d6251bf369609e1b44207b717228a8ac36c7992470b9daf4a231256c0ce95e0b027c4164e62d9656742a56e2b51e9347c8b17ab51ff40f32928c85
    • SSDEEP: 192:IDO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1afgMO:TKAFERdlxhGRYUzqZaf
    • Score: 3/10

    • Target: $PROGRAMFILES/$0/Uninstall.exe
    • Size: 34KB
    • MD5: c1f3b4477d961597fa6e7d1c04ee4e46
    • SHA1: bcd5a43bea762e21b26d04939ac6f6a70cb6a606
    • SHA256: e8dba38c5c9dc0ce0ee3faf5eb044ba49d61559dd349ff631e78818d98519fb7
    • SHA512: 5cc1dec6d540b75526322915b9e923b5e96d2c47076d113d635dbc57ca48477df9430362313377720712aa51e58e385a91502a49fa951260351bca7f8bc49f00
    • SSDEEP: 768:XgUpAudwtjpQaCyMRiNH/buv1dTm61pF/O71mJSC:wUiudwBp3CyM8HsWmJSC
    • Score: 7/10
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: cmtrtxpwv.exe
    • Size: 80KB
    • MD5: 78695b1caee5903fd59e6c5936c31166
    • SHA1: 1f14b33142f0e6758ab25c30e1585508bbaa9504
    • SHA256: 8444b6ec18d08bacd76f239fc09e38a9fd6955362fa364bce2427f9e31c04e9a
    • SHA512: 113f0ce4c6509d474319898448de9350d715f1254eefc519b12da3a56a09ebc2e672deca64e38a1213b34309d6770cfcaaee7343a56bef6fb8498a7dda2153de
    • SSDEEP: 1536:pluSmC5GbKYeUZaoNTMYfeWf01LYLK4Eclop6ctpwIKudIupw:eJC5EheUgoZ2bWREyo4c7wIK3u
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target: imex.bat
    • Size: 97B
    • MD5: 85df5904bebc30c9041a158cba771c15
    • SHA1: 5cc4b2e87fe245db8080e13f5749898197263794
    • SHA256: 53ef270f53eb46cc48fbda63ba213ca5e9c383b9f1cc6603b951b91bcf793a4d
    • SHA512: 1cadc5082555e6240e80ffe96e7d6d6265ce25790ba94621679fc90249c532018219ba3776c034294fd89b6177afe0b8d21a09aabd1f9276d8325a7ceb62ac0c
    • Score: 7/10
    • Deletes itself
