General

  • Target

    12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460

  • Size

    10.0MB

  • Sample

    241010-m8qq5szekk

  • MD5

    533bfb0b0899b58c68010571c3805ad9

  • SHA1

    c2870181144ea91b8d1df1c4d4e0ad02b23ce181

  • SHA256

    12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460

  • SHA512

    d8eec2b6ab81dbf7fdf23818bc45833ebffa9135b8d0fa32f34d876f9c439e33690a1d4cccfaba80dddb15e47e944dd1daee8bddf6230a7c3a664ceb5530ce44

  • SSDEEP

    196608:cGlS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nlRrDjtLKkOa8ps6puAktIz

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
