General
- Target: Build.exe
- Size: 228KB
- Sample: 240817-p8hrmszbqj
- MD5: 71ddf8513d766ad7609183f9ab38a58b
- SHA1: a5b1ad7cd743efd65f2bc21d3f2189321397d63c
- SHA256: fdd31714436d0feb6195b4a2affe04c143890518eb36d190af1cc930b1c57e9f
- SHA512: 9bf5ce015ba7ddad390b263a8b1d8b38de0e511ca50af408b7bbfa6a3a41869db82cbc3e9d41c60fe6e9cfb9a5e0c9aa3579e3af6673fba9ef5787293b15ce7e
- SSDEEP: 6144:RPTRtufdY7vzXpjYgV53GUEMlqJ8eFNLB+y:MG7vzZXW+4NI
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: Build.exe, resource: win7-20240705-en)
Malware Config
Targets
- Target: Build.exe (same file as listed under General; size 228KB)
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)