General

  • Target

    SaDesign download.zip

  • Size

    5.6MB

  • Sample

    241027-1sqcbstgpr

  • MD5

    30efc31421983d4ae5409dea907aa370

  • SHA1

    ab03dca026514cff98257f8a48d1ab99cb55c1b7

  • SHA256

    14dd7f0f6ce271254c164be12906aef50846bca872c2b3e42030146953db7116

  • SHA512

    ad7266f31ee0bfadf1c18d0e8def51cbee2a6ec384454a741635a39584f25ff3533886109fa7dd29fca5337ae3b2820fcb393908a4f3bd7be244bbe653cc0e6d

  • SSDEEP

    98304:jRcRyuvWgQHY6qYKZ3+2U5u9HVWpU74yxBlNxqu2LtrlJwzQ4MC9L2v:jRcRfWXZYuy9HYEv7xqltrln4Z96

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15