General

  • Target

    cf1e0e2019d7b2a1535c3ac8e6de29fcea80e690116d0f6f2ac50205277086fe

  • Size

    272KB

  • Sample

    240930-dblaqaycpg

  • MD5

    fcddcc6103abdc8512e6aef6a41944a0

  • SHA1

    102acf317f50f0d45dc93f804e20ec8c7ab3a151

  • SHA256

    cf1e0e2019d7b2a1535c3ac8e6de29fcea80e690116d0f6f2ac50205277086fe

  • SHA512

    709786c78d44ea9e71d93beb8c09ca3d6225eac03434d5642bb42864f1d366056429806b6aae5f65e4766710cfaed5dafdfa8ee9fe2ed487738db44d7fc55e1c

  • SSDEEP

    6144:ijOZOz0jOZ+ghfu3WujOZsfRYDjbvKT8N5XaMLPOgRv+qR:ijOZOz0jOZ+g1umujOZsCq8NNPl9+q

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks