Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    JF34GHJDN83.exe

  • Size

    17.9MB

  • Sample

    240919-tk35wsxdrg

  • MD5

    272f5e8422aa86841a85ebddca177272

  • SHA1

    a5a0d763f34a1f40ef41b3cda0c44a947ac2b8b0

  • SHA256

    040f72614f2303bd9c609b3334cf757a7329b6153c8f6fc8c9bebb6e357f614c

  • SHA512

    4d959b07368d6a94eb62d2e9d28621ce46fe49a2cdcda0f29750871eefac1e3d30e67365e33fa41982b59a4f521e219d84e6e892292e7ce10f745807250a5f4c

  • SSDEEP

    393216:gqPnLFXlreQ+DOETgsvfGFgFlvEtqE1wJrq:hPLFXNeQ/Egcav1f

Malware Config

Targets

    • Target

      JF34GHJDN83.exe

    • Size

      17.9MB

    • MD5

      272f5e8422aa86841a85ebddca177272

    • SHA1

      a5a0d763f34a1f40ef41b3cda0c44a947ac2b8b0

    • SHA256

      040f72614f2303bd9c609b3334cf757a7329b6153c8f6fc8c9bebb6e357f614c

    • SHA512

      4d959b07368d6a94eb62d2e9d28621ce46fe49a2cdcda0f29750871eefac1e3d30e67365e33fa41982b59a4f521e219d84e6e892292e7ce10f745807250a5f4c

    • SSDEEP

      393216:gqPnLFXlreQ+DOETgsvfGFgFlvEtqE1wJrq:hPLFXNeQ/Egcav1f

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks