Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ReYANG-Windows.zip
-
Size
21.9MB
-
Sample
240802-xy8t3s1gjc
-
MD5
cb6f760fafcf53f2a4d9ec3147d3b119
-
SHA1
c1b85cecab3df756e98182d4d143edf087d06b96
-
SHA256
37a92b5362625aa291363d8e37f6a7cfff572c23634dd9e02e20b272507893c6
-
SHA512
98543f8ec9698748c69c6fc034eceddff8bb17191b86b91e4b4af8ead0a8121408935df2003025ef204fe6d34e3b9fc740bdc3d896108b6ff1f6e86635c4be47
-
SSDEEP
393216:Ivw4wK/gsrlVwgqI59D8exrbwANXl942B2nWy7O9X8aUlVqQ+1f5c6wSLyA:IoVKrR5qI59woPXlpBOZwMaU3U1VbLyA
Malware Config
Targets
-
-
Target
re-yang-win.exe
-
Size
44.2MB
-
MD5
77b7d74832aadde63f80721f094ca67d
-
SHA1
4802f835da9e939aef08be0a841b3be8ee947489
-
SHA256
08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b
-
SHA512
835ced24cd77e84862506a026375ed21570f98abcaf590420720b78098fe210f1056258ccd56ed7a569eef4cd6be71eb871ff1d34006037e57fd0a0ceeb85d00
-
SSDEEP
393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfi:fMguj8Q4VfvLqFTrYw3WLXPhid+Vl
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Contacts a large (959) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1