General

  • Target: qpred-setup.exe
  • Size: 83.3MB
  • Sample: 240911-xwqwgsyblh
  • MD5: 53e4003e2f973d76d725327f9a00374c
  • SHA1: 396988c2a64b24f82c16b075430acfef8fb2e45b
  • SHA256: b17cb39f3d9da2e11a0f098e075fbd104327cbcf2143ccee63fb1510810a9d09
  • SHA512: 0e45f43153c4ea80a50fffd1a29ff953d589f30f0f0866a05a3e7f594bc95e8f8b579d24f48c397d3e871df280abb1eacccd65b39447cbf9d0d33d14e42f7bda
  • SSDEEP: 1572864:IKB7vFQqMrlpA+Ql4OdHxTivfSioqiASrrIo:IKBJykl9Hxen1obr0

Targets

    • Target: qpred-setup.exe (83.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: loader-o.pyc
    • Size: 61KB
    • MD5: 4da1c2751b1ab14235592b98665387e3
    • SHA1: e80b3e2288b4a56bb16613297c0145375769d023
    • SHA256: 1c492f435f72342a73511d72a4ec41cb314789d46cb0a4a9e4adc7ddb5883c97
    • SHA512: a0fccc1d2f66c90234156c6c6945301ff7e96a863a83a42d64eacf5b3338d8e4f8f8996728024c84018ef001ec7b17f5b4106cf8fde096fcad80be03d2c300e0
    • SSDEEP: 768:lU5RsdBJeuqUIx4Lc11n/ijkGIVY48maOFJfuuc9oLmgj3nHvVZ0FC:lU5RCJeupLc1JKiG4/a2J2uc9ojjXvf

    Score: 6/10

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15