Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ReYANG-Windows.zip

  • Size

    21.9MB

  • Sample

    240802-xy8t3s1gjc

  • MD5

    cb6f760fafcf53f2a4d9ec3147d3b119

  • SHA1

    c1b85cecab3df756e98182d4d143edf087d06b96

  • SHA256

    37a92b5362625aa291363d8e37f6a7cfff572c23634dd9e02e20b272507893c6

  • SHA512

    98543f8ec9698748c69c6fc034eceddff8bb17191b86b91e4b4af8ead0a8121408935df2003025ef204fe6d34e3b9fc740bdc3d896108b6ff1f6e86635c4be47

  • SSDEEP

    393216:Ivw4wK/gsrlVwgqI59D8exrbwANXl942B2nWy7O9X8aUlVqQ+1f5c6wSLyA:IoVKrR5qI59woPXlpBOZwMaU3U1VbLyA

Malware Config

Targets

    • Target

      re-yang-win.exe

    • Size

      44.2MB

    • MD5

      77b7d74832aadde63f80721f094ca67d

    • SHA1

      4802f835da9e939aef08be0a841b3be8ee947489

    • SHA256

      08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b

    • SHA512

      835ced24cd77e84862506a026375ed21570f98abcaf590420720b78098fe210f1056258ccd56ed7a569eef4cd6be71eb871ff1d34006037e57fd0a0ceeb85d00

    • SSDEEP

      393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfi:fMguj8Q4VfvLqFTrYw3WLXPhid+Vl

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Contacts a large (959) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks