General

  • Target: AsProgrammeroutprotected.exe
  • Size: 34.7MB
  • Sample: 240904-rmda5stalf
  • MD5: 969e5d2784440716dc2561999ad03e4a
  • SHA1: 0f62361615c6504e14e1e12a138c3f7f9fb5ec35
  • SHA256: 522f8ba52ee45fdab6f7cfce51c27c4ef0351438a4d20fa18a302efd4c9aa2db
  • SHA512: d39449678016713b922beda3a7d766065b3afdcc3b4f6d07600ce19f404da70dff9cf9f8444cdeab2c58db3bbe2110ce80cca18bdf0362bdb6f4597bbd40d7d2
  • SSDEEP: 786432:Vu+a9UsWGhsFu7REPVxHl8DZ4ZYVyqJ5u/US:wRfl+PbFsdVyq+cS

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers
      Malicious access to, or copying of, a web browser credential store.
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandbox environments.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Unsecured Credentials: Credentials In Files
      Steals credentials from unsecured files.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks whether UAC is enabled
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15