General

  • Target

    2024-08-03_834c9b268971af43fc2d7093cfc98ed4_magniber_qakbot

  • Size

    4.7MB

  • Sample

    240803-jmqx8s1gnb

  • MD5

    834c9b268971af43fc2d7093cfc98ed4

  • SHA1

    def003436af1719b472b2fe8be18e5ad5a29b16b

  • SHA256

    44ab3c25a3e341da85a1549854ae2543655a6c098a347bc4019d95aebfbabeaa

  • SHA512

    36d46d9463c9047e58899206a921fd11186518b9c4b1ce1f5147ce76b9876fe0eba230edb9f1586dd29ba32a96ddfc80f5d0453efcc60a3fc8935b183500857d

  • SSDEEP

    98304:ofAgoCBa1bPIjilX6S3cMtSLG8aoSiOiicPyK3O7AFp7lb:sboCByweogccYOiv6AgAFp7lb

Targets

    • Target

      2024-08-03_834c9b268971af43fc2d7093cfc98ed4_magniber_qakbot

    • Renames multiple (6024) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and session tokens.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks