General

  • Target

    db00276d6303371ff33d01daca3daf00N.exe

  • Size

    2.6MB

  • Sample

    240904-cl4pdatarj

  • MD5

    db00276d6303371ff33d01daca3daf00

  • SHA1

    04f3de19e7f96461bc5af303908cd0f7af4103bd

  • SHA256

    bf85caf1ad972fed65bbc29ab85243f8dc0172792b5002e6fc8630abb71b1c8c

  • SHA512

    e90ceaf4b44e82c88b07ce420f6135e72bc70e95772cdeee7262e7e9f75d7fdef3fe253117373e9c3a1e24a1ebd4a726363f437f74c8c2d552bbcd8f156691a1

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBFB/bS:sxX7QnxrloE5dpUpib

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks