General

  • Target

    main.exe

  • Size

    25.3MB

  • Sample

    240911-zfgnzs1hlk

  • MD5

    855455de8ab36382208304709166882a

  • SHA1

    b6679212cee2a18963c21ee3380c9cf9b4e99d6c

  • SHA256

    128da107c20b7de63ac575bdbc4f87df5ba5283a710e26d2864ae98985b5356f

  • SHA512

    56e8f900350388158dab4c5c93183ae4dff78a0c77e1817420f794407531ac99fe831acc647584b8eccc90e491a784c25d2d9d518cc32f4beb5c3c7fc5c0a06c

  • SSDEEP

    786432:fPLFXs7dzrv03GYPQttaSa8o5VLTdGjRp:HLFcxs2YPQZHSLsp

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks