General
-
Target
200852bb5037393f449292fafe1b990dd87eb92dc8c073519be3739d2ba1bc06N
-
Size
5.0MB
-
Sample
241018-e9kbraxfka
-
MD5
49e25fb2f9457492ae85aec0e1f1f690
-
SHA1
8d07424cb3635d284c7c99edb2bcd0913e873950
-
SHA256
200852bb5037393f449292fafe1b990dd87eb92dc8c073519be3739d2ba1bc06
-
SHA512
5bc05585c2a9dabce6613d2f77652541a13ae0454527bf3e9332293dd5e291e5fa9f6acacd01424c1db1209c499707edc1310f428445fcdbeb70d7f268108ea2
-
SSDEEP
24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIE:iFU
Static task
static1
Behavioral task
behavioral1
Sample
200852bb5037393f449292fafe1b990dd87eb92dc8c073519be3739d2ba1bc06N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
200852bb5037393f449292fafe1b990dd87eb92dc8c073519be3739d2ba1bc06N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
200852bb5037393f449292fafe1b990dd87eb92dc8c073519be3739d2ba1bc06N
-
Score
10/10
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Drops startup file
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)