Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    logged+(2).exe

  • Size

    68.8MB

  • Sample

    240823-r3t9lasfkr

  • MD5

    131a0331ce53f9e6a759f58bd721a8ae

  • SHA1

    792abb2103c475a799a1bf50ab23fc2f047e4a0d

  • SHA256

    1776b224ac32cc73773edf950cf7cb07203b4ca966d08f18c7025c5c6d267074

  • SHA512

    113d649f49d1297562ddd8d8caec6bc23d4a8ffc9ad7055130e805bc1e7ec26462f64a872d64edbbfd50c9b9189f6fd2915e7ff83ab551d6e8caccb12a426d69

  • SSDEEP

    1572864:jWcgp8eLX5WJoWbgWRSgkNOXWxtQSNLiIc3yxpzWSmaZrQEC:jlgOYX5M3gbcKCmc3gWlaZrb

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks