General
- Target: mbfGzh2SXyEssk69O1pooTeBx6ZtZO.exe
- Size: 54.0MB
- Sample: 240829-xxql4syekl
- MD5: 2a8bad0438cb42d897d62047456a066f
- SHA1: 45316204c3630a5ae140cc1dec25465de13fc06e
- SHA256: 438031d92889717a781680bd7bd68533a5fb1a84e22afa5cbec99fce32b0fe0b
- SHA512: 4c7e6fde8c3f4b14e7600f4fb7cfc2fa4cdc365cad79111d0f23cb1c648eb69575e3285c8cfc71c9ee3210aceb7023d46ad26c10ae591e22db3bd09e13fe1e5f
- SSDEEP: 1572864:bxB7vFQqMrlpA+Ql4Jd0xTivfSioqQZkC7h:bxBJyklm0xen1o2K
Static task: static1
Behavioral task: behavioral1
- Sample: mbfGzh2SXyEssk69O1pooTeBx6ZtZO.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: mbfGzh2SXyEssk69O1pooTeBx6ZtZO.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, the web browser credential store.
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 3
- Credentials In Files: 3