General

  • Target

    53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN

  • Size

    1.2MB

  • Sample

    241025-2effmswald

  • MD5

    52020fb713143f15456da51e4d895970

  • SHA1

    29857a25ca0915011ea8fea0c58c85ecbbe13894

  • SHA256

    53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578d

  • SHA512

    ba9956edd06bc1738817454f9dcd2b6588a44107e7ec825a31e5c0e57d450a966f228ce106bef10bfccc4ecf86e40e7f6378f343359a52618e7e930dfa1cb461

  • SSDEEP

    12288:qIIIx/30YdPHz982Vm8540sIIIIIIIIIIIs:qIIIx/3FPHzK8m0sIIIIIIIIIIIs

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks