General

  • Target

    d5fc2290b834e2afe0c28835224182a678c74ae058f7e578d25e729bbfa1d98a.exe

  • Size

    1.7MB

  • Sample

    240810-b6wzlatgra

  • MD5

    2a4a39e6166cad7577b81c33bba269ea

  • SHA1

    2fa5a435112cd4a03d03424cee2e56c3d54d6b38

  • SHA256

    d5fc2290b834e2afe0c28835224182a678c74ae058f7e578d25e729bbfa1d98a

  • SHA512

    4e1959c5f64cfaa002dc3a29d7d7cc862fd0ade383f9ecd4180e4785ed850ef47fd66603ac124a57763bdeb971c9da47b074a2670af43ef734bf794a42cff0c4

  • SSDEEP

    24576:z9Yvwup4OvwkeCbff43B4uE61VM0V+oOtq+G8ZYXDBm75/6s7aa:z9YVp4SvN4KubVZOt9G82Xc7p

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    RaF5@@ts7^d?AE_grv4fhZ!!

Targets

    • Target

      d5fc2290b834e2afe0c28835224182a678c74ae058f7e578d25e729bbfa1d98a.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks