Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

18/08/2024, 23:39

240818-3nplcavclq 10

18/08/2024, 23:37

240818-3maqss1ekg 10

18/08/2024, 23:21

240818-3b7w6atekq 10

General

  • Target

    2024-08-18_221cb4b58df385e30145f2cda2423c66_poet-rat_snatch

  • Size

    14.0MB

  • Sample

    240818-3maqss1ekg

  • MD5

    221cb4b58df385e30145f2cda2423c66

  • SHA1

    d16756fb4a42d8d32b72f71cd7d2ad20b073d511

  • SHA256

    b1722e1e2bed853593c0d32777593a352901f7d4f670bd06dc0af4b9937da2d7

  • SHA512

    0bf2e7e714b40706f078210229601f8d6ceeebcf8a89ba123aa38aa3c7b1b493911916cc54ed657bf4bcf8d2a8b6ab4da09148d64000d98bcdcad23aadf00b9c

  • SSDEEP

    196608:5sWQx346uoeXYk8TmIhI0bQ+ko9gvK9aXFFT:52xooKZ8TmsI00+kzvfz

Malware Config

Targets

    • Target

      2024-08-18_221cb4b58df385e30145f2cda2423c66_poet-rat_snatch

    • Size

      14.0MB

    • MD5

      221cb4b58df385e30145f2cda2423c66

    • SHA1

      d16756fb4a42d8d32b72f71cd7d2ad20b073d511

    • SHA256

      b1722e1e2bed853593c0d32777593a352901f7d4f670bd06dc0af4b9937da2d7

    • SHA512

      0bf2e7e714b40706f078210229601f8d6ceeebcf8a89ba123aa38aa3c7b1b493911916cc54ed657bf4bcf8d2a8b6ab4da09148d64000d98bcdcad23aadf00b9c

    • SSDEEP

      196608:5sWQx346uoeXYk8TmIhI0bQ+ko9gvK9aXFFT:52xooKZ8TmsI00+kzvfz

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Modifies Windows Firewall

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks