Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5585e951255d9602322e48f40f8b3330N.exe

  • Size

    2.6MB

  • Sample

    240905-wd1gjaweln

  • MD5

    5585e951255d9602322e48f40f8b3330

  • SHA1

    fe97e6c37866e88ab046d516c2a552913eb707dc

  • SHA256

    7015ec6a29c8f8fed1c7806bb2b9ef24a56f0b935a5175a809c6d2e754a944a8

  • SHA512

    6ee178ed2cfc5a82893b20d0ac5d9dbf3c6fcf789e607739a19836272111ca2891554cdf458946c2dbcd55c1d06d7089ce22269aac11649f642987e1276a1013

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBBB/bS:sxX7QnxrloE5dpUpSb

Malware Config

Targets

    • Target

      5585e951255d9602322e48f40f8b3330N.exe

    • Size

      2.6MB

    • MD5

      5585e951255d9602322e48f40f8b3330

    • SHA1

      fe97e6c37866e88ab046d516c2a552913eb707dc

    • SHA256

      7015ec6a29c8f8fed1c7806bb2b9ef24a56f0b935a5175a809c6d2e754a944a8

    • SHA512

      6ee178ed2cfc5a82893b20d0ac5d9dbf3c6fcf789e607739a19836272111ca2891554cdf458946c2dbcd55c1d06d7089ce22269aac11649f642987e1276a1013

    • SSDEEP

      49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBBB/bS:sxX7QnxrloE5dpUpSb

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks