Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
TrixSetup.exe
-
Size
66.1MB
-
Sample
240814-vqa7qstcrh
-
MD5
ef7b08f71c0f414439d2d2f997ed2822
-
SHA1
2d84038e0c93789ee3e5305c4e95d52ebb9bf773
-
SHA256
1b4c1972c5b1cbdce998fd50a53523da38e7549e3436a5bc0efac56fc590ee85
-
SHA512
d48919cc6123a2ddcc384a81e3268b825486c6f05c0bbc7828fc0c6a3d4ddebbb59cd4c5b58e81c31ab670f1f3730ff5cf6d6317967a15e1cb3ca8741cc3084c
-
SSDEEP
1572864:crziNx5qxi1yj8u1DeLncaevlzcfR8ARu7wi8DCdsfDPQ:Xx5q01IeLcaevpcpFs7tderQ
Malware Config
Targets
-
-
Target
TrixSetup.exe
-
Size
66.1MB
-
MD5
ef7b08f71c0f414439d2d2f997ed2822
-
SHA1
2d84038e0c93789ee3e5305c4e95d52ebb9bf773
-
SHA256
1b4c1972c5b1cbdce998fd50a53523da38e7549e3436a5bc0efac56fc590ee85
-
SHA512
d48919cc6123a2ddcc384a81e3268b825486c6f05c0bbc7828fc0c6a3d4ddebbb59cd4c5b58e81c31ab670f1f3730ff5cf6d6317967a15e1cb3ca8741cc3084c
-
SSDEEP
1572864:crziNx5qxi1yj8u1DeLncaevlzcfR8ARu7wi8DCdsfDPQ:Xx5q01IeLcaevpcpFs7tderQ
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1