General

  • Target

    genarox_v4.3.exe

  • Size

    6.0MB

  • Sample

    240807-q769aazapr

  • MD5

    8edf5fc1a60cbe2dd9ecbed6e23b8852

  • SHA1

    ac5f87d92424adeaa93e7d260cf74ea1ac78396c

  • SHA256

    d88413ba487697b6b7961c13773a89fb1ebf1c1845c5bd40a28105030bf04bba

  • SHA512

    f7fbbf7cdab4876650fe8e197b6685765f2ab13ff1a7bf51c7c58b30f32d1cbad9ff57192cb4bb0c527bfa6a4075a6aff5482b34779b386400cba90c0b0d1e2c

  • SSDEEP

    98304:DBEtdFBGQamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzcEgsRuGK4RDOuAKJRYNyf:DAFExeN/FJMIDJfIEgsAGK4RCuAKJeUf

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
