General

  • Target

    b39e98716029fad9961399c48c93dc20N.exe

  • Size

    2.6MB

  • Sample

    240821-g91pvaxfqp

  • MD5

    b39e98716029fad9961399c48c93dc20

  • SHA1

    7863d214700f1dd6b8cb1b44fc2171a7e4f22771

  • SHA256

    5a5278a67eac531f9b6c27e2410bf8c008ac9f5204672ec24862312b2d7a5dda

  • SHA512

    e15b771de1629f9d532d2c33678f28af2c87e6aa66f7ce8156dab3d882114ae87eb229f4a962e0314cabea67798a42999c26fc1962b63d67d3d31e0c16198435

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB/B/bS:sxX7QnxrloE5dpUpcb

Malware Config

Targets

    • Target

      b39e98716029fad9961399c48c93dc20N.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application
