Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14
-
Size
1.3MB
-
Sample
241013-k85tystcqm
-
MD5
1bbf95a7df851e922b359f8b27b12a48
-
SHA1
8b1fd38c50ccadb7af35b6d00dd5ab47285808d7
-
SHA256
9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14
-
SHA512
6f0700adcf29422f56fb895e2b4bef25b3b00883db242af0e7e245425462e08c008b1fa79be4531534f6041b3266655f02ed35553305f4683fa3db8cf24a359f
-
SSDEEP
24576:e3NYUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMA:edYGILDcO/fsBmLjRw6qpZmBZWyLaXMA
Malware Config
Targets
-
-
Target
9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14
-
Size
1.3MB
-
MD5
1bbf95a7df851e922b359f8b27b12a48
-
SHA1
8b1fd38c50ccadb7af35b6d00dd5ab47285808d7
-
SHA256
9dccc37950a931f71fa882637bae0a24433ed442735041a34aae64180390ea14
-
SHA512
6f0700adcf29422f56fb895e2b4bef25b3b00883db242af0e7e245425462e08c008b1fa79be4531534f6041b3266655f02ed35553305f4683fa3db8cf24a359f
-
SSDEEP
24576:e3NYUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMA:edYGILDcO/fsBmLjRw6qpZmBZWyLaXMA
Score8/10-
Drops file in Drivers directory
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Binary Proxy Execution: Rundll32
Abuse Rundll32 to proxy execution of malicious code.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1