Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    TrixSetup.exe

  • Size

    66.1MB

  • Sample

    240814-vqa7qstcrh

  • MD5

    ef7b08f71c0f414439d2d2f997ed2822

  • SHA1

    2d84038e0c93789ee3e5305c4e95d52ebb9bf773

  • SHA256

    1b4c1972c5b1cbdce998fd50a53523da38e7549e3436a5bc0efac56fc590ee85

  • SHA512

    d48919cc6123a2ddcc384a81e3268b825486c6f05c0bbc7828fc0c6a3d4ddebbb59cd4c5b58e81c31ab670f1f3730ff5cf6d6317967a15e1cb3ca8741cc3084c

  • SSDEEP

    1572864:crziNx5qxi1yj8u1DeLncaevlzcfR8ARu7wi8DCdsfDPQ:Xx5q01IeLcaevpcpFs7tderQ

Malware Config

Targets

    • Target

      TrixSetup.exe

    • Size

      66.1MB

    • MD5

      ef7b08f71c0f414439d2d2f997ed2822

    • SHA1

      2d84038e0c93789ee3e5305c4e95d52ebb9bf773

    • SHA256

      1b4c1972c5b1cbdce998fd50a53523da38e7549e3436a5bc0efac56fc590ee85

    • SHA512

      d48919cc6123a2ddcc384a81e3268b825486c6f05c0bbc7828fc0c6a3d4ddebbb59cd4c5b58e81c31ab670f1f3730ff5cf6d6317967a15e1cb3ca8741cc3084c

    • SSDEEP

      1572864:crziNx5qxi1yj8u1DeLncaevlzcfR8ARu7wi8DCdsfDPQ:Xx5q01IeLcaevpcpFs7tderQ

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks