General

  • Target

    08bd364f006ecda3b0760d7cbf107a23073529c5e863d6b1521a0612163d0a61.exe

  • Size

    136KB

  • Sample

    240803-bd7wdsxfkn

  • MD5

    a5c0af52fdb53b6e451736bc3287503d

  • SHA1

    63bc7dce786d3c83783749c700bfda7871f91f1c

  • SHA256

    08bd364f006ecda3b0760d7cbf107a23073529c5e863d6b1521a0612163d0a61

  • SHA512

    390fe917b400a472c880c1cefa4ce6f9ed7cda77395365336d6ff4d76827e13eaa1a4ca8a653f73d442cde8c2b51fa17f9c5e566f3f0468abc66604ea21fc723

  • SSDEEP

    3072:x91uZu1iQl0Mep53PKuc7FsTYJ0Fwcl8mcjbuD:x3iMepVPv6mEZfjbU

Malware Config

Targets

    • Renames multiple (5240) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks