General

  • Target

    ReYANG-Windows.zip

  • Size

    21.9MB

  • Sample

    240802-xy8t3s1gjc

  • MD5

    cb6f760fafcf53f2a4d9ec3147d3b119

  • SHA1

    c1b85cecab3df756e98182d4d143edf087d06b96

  • SHA256

    37a92b5362625aa291363d8e37f6a7cfff572c23634dd9e02e20b272507893c6

  • SHA512

    98543f8ec9698748c69c6fc034eceddff8bb17191b86b91e4b4af8ead0a8121408935df2003025ef204fe6d34e3b9fc740bdc3d896108b6ff1f6e86635c4be47

  • SSDEEP

    393216:Ivw4wK/gsrlVwgqI59D8exrbwANXl942B2nWy7O9X8aUlVqQ+1f5c6wSLyA:IoVKrR5qI59woPXlpBOZwMaU3U1VbLyA

Malware Config

Targets

    • Target

      re-yang-win.exe

    • Size

      44.2MB

    • MD5

      77b7d74832aadde63f80721f094ca67d

    • SHA1

      4802f835da9e939aef08be0a841b3be8ee947489

    • SHA256

      08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b

    • SHA512

      835ced24cd77e84862506a026375ed21570f98abcaf590420720b78098fe210f1056258ccd56ed7a569eef4cd6be71eb871ff1d34006037e57fd0a0ceeb85d00

    • SSDEEP

      393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfi:fMguj8Q4VfvLqFTrYw3WLXPhid+Vl

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Contacts a large (959) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks
