General

  • Target

    FusionAutoExecOnTSB.exe

  • Size

    16.8MB

  • Sample

    241013-mh5sdawgnj

  • MD5

    fa760e085c2e7ee00e5674837187e7c9

  • SHA1

    b706c67da08ae9c57db0c92704044ddb802fcd4d

  • SHA256

    af4090144e3ba6900af06c077663f379cd8eba5844718b10553f99e67e479f66

  • SHA512

    e494af589a16bfd4600d56afeb0da7b37de48179178cc2a6e9583086b4986ed092b7ccaa769cf7955c6e42c35d62b8131e7f4fd27dbfbbc4792ca404b1d16991

  • SSDEEP

    393216:pXb4YQhZ2YsHFUK2Jn1+TtIiFmY9Z8D8CclDNQhVCUTbmQLoSsF:RQZ2YwUlJn1QtI3a8DZcBojHL

Targets

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
