General

  • Target

    qyd priv.rar

  • Size

    52.9MB

  • Sample

    240911-ws75xsvhkf

  • MD5

    5e42ae42fd9f077310b3499d2a2958c7

  • SHA1

    b100d4824f45696294f74cd0f344cb1937b63316

  • SHA256

    8a5658fe5aae0d3c0d9c882a2c212ec855f6059a438ca9382430f06ab7ea08fd

  • SHA512

    8c4032d4b5d2b02aaf9f732eb09f9b8301ed47627f1f994d83e34a1cc7de26ddafa00d6b65594e56fbd205f76d5bbd6de33963783c5636ac28f907f7518756db

  • SSDEEP

    1572864:xKdZhPvICyqLtk2Id8abVfhUdo8gcwuM72q+whGZnV:xKBnYolIdPbVpuo8gB2q9hGJV

Targets

    • Target

      qyd priv.rar

    • Score

      3/10

    • Target

      qyd priv pred/READ ME.txt

    • Size

      1KB

    • MD5

      f8c33fbdf52fac5f85dd135e4ed4757c

    • SHA1

      0872e2c4b094c6df92fe256b08fca945b6b831ee

    • SHA256

      799c1cc306480bc26cc1d68ae4f4173ce0f2768f11bcb491e112a413680e4fff

    • SHA512

      4ca883de262660ddd8e65d61f858cc40466cc70451de9ec2537e39bc400724f6584edced44c21045f23e6eee5415708050eee78b426dba6e0d3b288902c909b7

    • Score

      1/10

    • Target

      qyd priv pred/qpred-setup.exe

    • Size

      83.3MB

    • MD5

      53e4003e2f973d76d725327f9a00374c

    • SHA1

      396988c2a64b24f82c16b075430acfef8fb2e45b

    • SHA256

      b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09

    • SHA512

      0e45f43153c4ea80a50fffd1a29ff953d589f30f0f0866a05a3e7f594bc95e8f8b579d24f48c397d3e871df280abb1eacccd65b39447cbf9d0d33d14e42f7bda

    • SSDEEP

      1572864:IKB7vFQqMrlpA+Ql4OdHxTivfSioqiASrrIo:IKBJykl9Hxen1obr0

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      loader-o.pyc

    • Size

      61KB

    • MD5

      4da1c2751b1ab14235592b98665387e3

    • SHA1

      e80b3e2288b4a56bb16613297c0145375769d023

    • SHA256

      1c492f435f72342a73511d72a4ec41cb314789d46cb0a4a9e4adc7ddb5883c97

    • SHA512

      a0fccc1d2f66c90234156c6c6945301ff7e96a863a83a42d64eacf5b3338d8e4f8f8996728024c84018ef001ec7b17f5b4106cf8fde096fcad80be03d2c300e0

    • SSDEEP

      768:lU5RsdBJeuqUIx4Lc11n/ijkGIVY48maOFJfuuc9oLmgj3nHvVZ0FC:lU5RCJeupLc1JKiG4/a2J2uc9ojjXvf

    • Score

      3/10
