Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    source_prepared.exe

  • Size

    30.1MB

  • Sample

    240805-qjzjja1brd

  • MD5

    b6c2d1f205433144fe1f63206a04e666

  • SHA1

    e9afa12df6a9104b39e6e6d5a5b38dc6555bae48

  • SHA256

    114880dba41978dd82378f3ca0ac0084c8c9f9e15d7a1d60743d513e5a891c7d

  • SHA512

    d1cb998e72768cfcbe90a58430513db5955838536af48dbd913a444625b65ec84a659ff038998b4044caaaaa66a6122775ec6def6eac7bfca72f325bde34a900

  • SSDEEP

    786432:R9Z9zpKGQokRG5cw7vDrzcY87hL9XUk4v/EW8A2c5BqK511YeIX9:Hvl9QokA5cw7vzE7n5zWYwqbeIX

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      30.1MB

    • MD5

      b6c2d1f205433144fe1f63206a04e666

    • SHA1

      e9afa12df6a9104b39e6e6d5a5b38dc6555bae48

    • SHA256

      114880dba41978dd82378f3ca0ac0084c8c9f9e15d7a1d60743d513e5a891c7d

    • SHA512

      d1cb998e72768cfcbe90a58430513db5955838536af48dbd913a444625b65ec84a659ff038998b4044caaaaa66a6122775ec6def6eac7bfca72f325bde34a900

    • SSDEEP

      786432:R9Z9zpKGQokRG5cw7vDrzcY87hL9XUk4v/EW8A2c5BqK511YeIX9:Hvl9QokA5cw7vzE7n5zWYwqbeIX

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      discord_token_grabber.pyc

    • Size

      8KB

    • MD5

      05b1abcf2b8f1457cee0f078bdbb04f0

    • SHA1

      ce070d54e1d54ffd6c4d96b616f21b7466a062c7

    • SHA256

      2e82faaefa817254cf2a9d5149e3c36c04c3e09aca0bcc1a4e4fa894e137c1b1

    • SHA512

      5af2746296f191af559639b1c5463993e8c4fb25ef945677142a6a02486e6670669eb5a5bdd4c163f1bdd8bd35a7bb8998bbf32e4d0fe9d35db379cf80159a57

    • SSDEEP

      192:iQR8Lslmujbwybyo5HptlYwqJFD7U6r18ZPuNz:vNmcwcpt+D7Ua18uz

    Score
    3/10
    • Target

      get_cookies.pyc

    • Size

      5KB

    • MD5

      ab0f8084441f8312bffc9d26193967ab

    • SHA1

      82b9c1c9cd1f5a38ac2b415a96c88ce99d27455a

    • SHA256

      6f67d11524ed42b8990be66aed829232514b364746fdceea30e0213204427be4

    • SHA512

      1722dfe7200b5f8fef0cfc4188953621630c7ee8672586490b9309a40512eb7f99fc56ffe52f6a0970809a38e3bdd8ce1862ba6803fe6d09bdfacda1b3fe1732

    • SSDEEP

      96:4Q0jzMv/ppR+xVBcnqhLchLPxrpTkBWeBDFZcj3KldyzoZ:sSZYXPhYhLP12zij3KnyA

    Score
    3/10
    • Target

      misc.pyc

    • Size

      2KB

    • MD5

      5bff7de9304595611b9deeea55076bd3

    • SHA1

      ae5fd2f3fbac4b0587140ab41b30c4d3da286c75

    • SHA256

      39c73d32dce8fe34f56ca6fce56ae54ca99456c49fa04c949a45ca7d8e7355d9

    • SHA512

      4cb8277d8c02380679bcc19ec6cba2dae37b24058116e08cfec30f95a158c1c3b45590c79665ace9abbeda277f1f39be1e806fd90c8dae9a3c44cd69d1157679

    Score
    3/10
    • Target

      passwords_grabber.pyc

    • Size

      4KB

    • MD5

      dbd5603fbc95768a5f3f45e6e1f7f109

    • SHA1

      b1fa1a73c1e9e0ee63cccf5a81210a8aa39bf40a

    • SHA256

      657361e158e5b5d76cf2b615d58c7c34de2d06d40f1c049c0757019fadab5e13

    • SHA512

      310aabd4b5ef007faaaac149ea5b182c20eb3db2ea576e1039fc86d8ed5bb7e63b437d10c2c876ab40a0f9f7782dbfc5804d02cf12a0d74d9b1fe5b1a9a035d5

    • SSDEEP

      96:4APDnTWeYwD86gWxS6679kZOyfkoXyWQUUEXtH0lLCvpW1mhs0:FzCUD/S6UyRkpoUEKlLz1m+0

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      56KB

    • MD5

      d417cf2665ea7525a7a0230638613503

    • SHA1

      33d0c1641810a0c91268cf9f62554d51700ff433

    • SHA256

      df1224e9226f84a21fe70cd68313d88e01bcbbbd00684a65c6c9ffe5c1184359

    • SHA512

      ae2cb60c031b391c787cfab468f7bbe46ec206ef48b990ae4745458f1df185853bd781bb89c714aa97af0239ce06f627f8a4cb30f4e2cca9dc6039bda97a02f0

    • SSDEEP

      768:hRVKq+o/bNhUr+kqo+E7YbI1xr/1P36gzQ/yx55A9xSXBLLAvoDu3++HaR:hRvzM+tfEVxrtLzQ/yx5maXAvoYJW

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks