General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    240828-vwzghsxekd

  • MD5

    e3a08541070dcb1f4fe7d82af869c3bc

  • SHA1

    6b4ad3774d42d4eead3f0a63a8afcfdf559bb557

  • SHA256

    75f3aeb4ec5be62e718a0f3c32463af4d055a09151a3c79b16afb1daa6f537bb

  • SHA512

    7d0a9b0b7460a6c9e2570a3c7cd352a7a81a4174bafdc78ce089647b5579590fd98221d175c682b114482c26685b0d7aa5d5cc9f2cf9405110195d5ca2089949

  • SSDEEP

    24576:XNPRWzRyOt2F2qXR25d8L0yFlmxYG7Kf/2C9:XNwn2FNR2XkyGX2C

Malware Config

Targets

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks