General

  • Target

    2024-10-14_0271bf83ad3127f16367a7662f2247b4_hijackloader_magniber

  • Size

    5.3MB

  • Sample

    241014-kpfeysseqg

  • MD5

    0271bf83ad3127f16367a7662f2247b4

  • SHA1

    cc30247eb021648e11ae84b7afacfa476129b2ef

  • SHA256

    9473531e370d7a45e1ff2bd214c0365f07c78f6ce52ec35f141fbedf76c2ed1f

  • SHA512

    17419cd882d6a812a051993450136fb3c4d59d2b5854989efeaaf6e8eea0d285a4bd940f3c51f46ec4b5efa5417d748ca58f51ece77210d32448f63178968173

  • SSDEEP

    98304:PkB/qoHMdnJE7hAlKnsz2C2PYdhIqHpnq0EB:bJEul4szEonqtB

Malware Config

Targets

    • Renames multiple (177) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files on the system and appending an extension to each renamed file.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks