General

  • Target

    c4c9da8e9c193c266bb3bc2183852e60N.exe

  • Size

    2.6MB

  • Sample

    240820-khf3xasdld

  • MD5

    c4c9da8e9c193c266bb3bc2183852e60

  • SHA1

    796ccbe796a3c93db3267d85ba0e45c70263263c

  • SHA256

    39586ec3d0ac7905f6efdc22a48dc97825d665fa23bd736ca67d02be2c2307c3

  • SHA512

    65e30ab5b575cc816bec19ef6a74728ce0853b8d1b8f109f5e1f21d5ad354958d6becc949bff989ac824a9bddfa141d8ec311b459c1901f3ff19d1140ee23335

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBIB/bS:sxX7QnxrloE5dpUpnb

Targets

    • Target

      c4c9da8e9c193c266bb3bc2183852e60N.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application
