General

  • Target

    test1.exe

  • Size

    23.8 MB

  • Sample

    241008-n1ymfs1flc

  • MD5

    69d0f43dbbf13c49a4a4c0471d431d55

  • SHA1

    11fae2cad1ce28afc07a1af0a3aa16fca9578550

  • SHA256

    d13192a653f873197b279801466ea0c633f6c4f652a66a064e67e7c09bae63b3

  • SHA512

    eef657b8bce34424a50857e729289a19c144c596c7f84793cc1c7069a093b82687f3530e155bc1e1be5d3498d3de89079798656fd647ef2826b6e690534162fe

  • SSDEEP

    393216:lqPnLFXlrxde9TQDyRTDOETgsvcGUVgKyetpWpu/W67ys9+j2oYs:cPLFXNOQDyAEUx0m9r8b
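Before working with a copy of this sample, confirm it is byte-for-byte the file the report describes. The script below, added here as an example and not part of the tria.ge report, streams a file once and computes the four digests listed above, then reports which of them disagree with the report values. The SSDEEP fuzzy hash is deliberately left out: it needs the external ssdeep tool or Python binding, which is not in the standard library.

```python
import hashlib
import io
import sys
from typing import BinaryIO

# Digests copied from the report above (test1.exe, sample 241008-n1ymfs1flc).
REPORT_HASHES = {
    "md5": "69d0f43dbbf13c49a4a4c0471d431d55",
    "sha1": "11fae2cad1ce28afc07a1af0a3aa16fca9578550",
    "sha256": "d13192a653f873197b279801466ea0c633f6c4f652a66a064e67e7c09bae63b3",
    "sha512": "eef657b8bce34424a50857e729289a19c144c596c7f84793cc1c7069a093b82687"
              "f3530e155bc1e1be5d3498d3de89079798656fd647ef2826b6e690534162fe",
}

CHUNK = 1024 * 1024  # read 1 MiB at a time; the sample is 23.8 MB, no need to load it whole


def hash_stream(stream: BinaryIO) -> dict:
    """Compute MD5, SHA1, SHA256 and SHA512 in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Same as hash_stream, for data already held in memory."""
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    """Hash a file on disk without reading it into memory at once."""
    with open(path, "rb") as f:
        return hash_stream(f)


def compare_to_report(computed: dict, expected: dict = REPORT_HASHES) -> list:
    """Return the algorithm names whose digests differ from the report (empty list = match).

    Comparison is case-insensitive, since tools print hex digests in either case."""
    return [
        name
        for name, digest in expected.items()
        if computed.get(name, "").lower() != digest.lower()
    ]


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/test1.exe
    digests = hash_file(sys.argv[1])
    for name, value in digests.items():
        print(f"{name:6} {value}")
    mismatched = compare_to_report(digests)
    print("MATCHES REPORT" if not mismatched else f"MISMATCH in: {', '.join(mismatched)}")
    sys.exit(1 if mismatched else 0)
```

A mismatch in every algorithm usually means a different file (a re-packed or re-signed build); a mismatch only in MD5 or SHA1 with a matching SHA256 would be a transcription error in the weaker hash, not a different file.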

Malware Config

Targets

    • Target

      test1.exe

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and browsing history.

    • Adds Run key to start application

      Writes a registry Run key so the program is launched again at logon, a common persistence technique.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
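The UPX signature is worth reproducing by hand, because a packed sample has to be unpacked before its imports and strings mean anything. The following is an added example, not code from tria.ge: it walks the PE header with `struct` to read the section table and flags the stock UPX section names (`UPX0`, `UPX1`, `UPX2`), plus a layout heuristic for builds that rename their sections. The heuristic (first section with no raw data but a non-zero virtual size, which is where the UPX stub decompresses the original image) is an assumption of this example, not something the report states. The `build_pe` helper constructs minimal test images that carry only the headers needed here; real files also have an optional header, which the parser skips using `SizeOfOptionalHeader`.

```python
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # names written by an unmodified UPX build


def pe_sections(data: bytes) -> list:
    """Return (name, virtual_size, raw_size) for every section of a PE file held in memory.

    Raises ValueError for anything that is not at least a minimally well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0"), vsize, rawsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """List the reasons a PE looks UPX-packed; an empty list means no indicator fired."""
    secs = pe_sections(data)
    reasons = [f"section named {name.decode()}" for name, _, _ in secs
               if name in UPX_SECTION_NAMES]
    # Heuristic (assumption of this example): stock UPX leaves its first section with
    # SizeOfRawData == 0 and VirtualSize equal to the unpacked image, since the stub
    # decompresses into it at run time. Renaming sections does not change that layout.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        reasons.append("first section has no raw data but non-zero virtual size (UPX0 layout)")
    return reasons


def build_pe(section_specs) -> bytes:
    """Construct a minimal PE (DOS stub + PE signature + COFF header + section table) for testing.

    section_specs: iterable of (name, virtual_size, raw_size). No optional header is emitted,
    so SizeOfOptionalHeader is 0; this is test data, not a loadable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    specs = list(section_specs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0, 0, 0, 0, 0, 0xE0000020)
        for i, (name, vsize, rawsize) in enumerate(specs)
    )
    return bytes(dos) + b"PE\0\0" + coff + table


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:  # usage: python upx_check.py /path/to/test1.exe
        blob = f.read()
    for name, vsize, rawsize in pe_sections(blob):
        print(f"{name.decode(errors='replace'):8} vsize=0x{vsize:x} raw=0x{rawsize:x}")
    print("\n".join(upx_indicators(blob)) or "no UPX indicators")
```

Section names are the cheap check and the one the signature name refers to; the layout heuristic catches the "modified UPX" case where the packer has been edited to rename sections, at the cost of occasional hits on unusual but benign binaries whose first section is uninitialised data.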

MITRE ATT&CK Enterprise v15

Tasks