General

  • Target

    Build.exe

  • Size

    228KB

  • Sample

    240817-p8hrmszbqj

  • MD5

    71ddf8513d766ad7609183f9ab38a58b

  • SHA1

    a5b1ad7cd743efd65f2bc21d3f2189321397d63c

  • SHA256

    fdd31714436d0feb6195b4a2affe04c143890518eb36d190af1cc930b1c57e9f

  • SHA512

    9bf5ce015ba7ddad390b263a8b1d8b38de0e511ca50af408b7bbfa6a3a41869db82cbc3e9d41c60fe6e9cfb9a5e0c9aa3579e3af6673fba9ef5787293b15ce7e

  • SSDEEP

    6144:RPTRtufdY7vzXpjYgV53GUEMlqJ8eFNLB+y:MG7vzZXW+4NI

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks