General

  • Target

    2024-10-27_9418a4d67b5c1570f0079aba775484a2_poet-rat_snatch

  • Size

    14.7MB

  • Sample

    241027-2a3els1pdj

  • MD5

    9418a4d67b5c1570f0079aba775484a2

  • SHA1

    1ded85ff12c294e691c981f54ab5ac5f42520b9d

  • SHA256

    a0d0c4de97d4555c4276488fff2c2a44520a084782b77993410c4ec458187cde

  • SHA512

    88a9c5ff1f12d1df5d96d3e41d9cc5207cc86ff0045963b143937f9fa2b5a643303d113f88630678e6a7fc20b987a4b2e959476374fb999b2de71ffbbf8a2c34

  • SSDEEP

    98304:bGerAJorRnGqDhPIPkCEe9HWhL9fuu48E9ZyV9rjeq+DgVOHD:bDRGqD7bC9ZIN+EVGD

Targets

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store user data (profiles, account settings) on disk, and infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Share Discovery

      Attempts to gather information about the network shares reachable from the host.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
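The two persistence signatures above (Image File Execution Options injection and COM hijacking) are both registry writes, so they can be caught at the telemetry layer. The following is an added example, not tria.ge code and not derived from this sample: a Python detector that classifies Sysmon registry SetValue events (Event ID 13) against the documented IFEO and per-user CLSID locations. The event records, the SID, the process names and the paths are constructed for illustration.

```python
"""Added detection example: flag Sysmon registry SetValue events (Event ID 13)
that match the two persistence signatures in the report, IFEO injection
(T1546.012) and COM hijacking (T1546.015). The event records below are
constructed, not taken from this sample; only the registry locations are the
documented ones."""
import re
from dataclasses import dataclass

# Image File Execution Options: a Debugger value makes Windows launch the named
# program instead of the executable; GlobalFlag bit 0x200 plus a
# SilentProcessExit\<exe>\MonitorProcess value launches a program when it exits.
IFEO_ROOT = "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\"
SPE_ROOT = "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SILENTPROCESSEXIT\\"
FLG_MONITOR_SILENT_PROCESS_EXIT = 0x200

# COM hijacking: a CLSID server registered under the user hive shadows the
# machine-wide HKLM registration. Sysmon renders user hives as HKU\<SID>.
# Paths are compared upper-cased, hence the upper-case pattern.
COM_HIJACK_RE = re.compile(
    r"^(?:HKCU|HKU\\S-1-5-21(?:-\d+)+)\\SOFTWARE\\CLASSES\\CLSID\\\{[0-9A-F-]{36}\}\\"
    r"(?:INPROCSERVER32|LOCALSERVER32|TREATAS)(?:\\\(DEFAULT\))?$"
)


@dataclass(frozen=True)
class RegSetValue:
    image: str    # Sysmon 'Image': the process performing the write
    target: str   # Sysmon 'TargetObject': full key\value path
    details: str  # Sysmon 'Details': the written data rendered as text


def _dword(details):
    """Parse Sysmon's 'DWORD (0x00000200)' rendering; None if not a DWORD."""
    m = re.search(r"DWORD \(0x([0-9A-Fa-f]{1,8})\)", details)
    return int(m.group(1), 16) if m else None


def classify(ev):
    """Return an ATT&CK-labelled reason the write is suspicious, or None."""
    path = ev.target.upper()
    _key, _, value = path.rpartition("\\")
    if IFEO_ROOT in path and value == "DEBUGGER":
        return "T1546.012 IFEO Debugger redirects execution"
    if IFEO_ROOT in path and value == "GLOBALFLAG":
        flags = _dword(ev.details)
        if flags is not None and flags & FLG_MONITOR_SILENT_PROCESS_EXIT:
            return "T1546.012 IFEO GlobalFlag enables SilentProcessExit"
    if SPE_ROOT in path and value == "MONITORPROCESS":
        return "T1546.012 SilentProcessExit MonitorProcess"
    if COM_HIJACK_RE.match(path):
        return "T1546.015 per-user COM registration shadows HKLM"
    return None


def scan(events):
    """Return (label, image, target, details) for every flagged event."""
    hits = []
    for ev in events:
        label = classify(ev)
        if label:
            hits.append((label, ev.image, ev.target, ev.details))
    return hits


# Constructed sample events: SID, paths and process names are made up.
_SUSPECT = r"C:\Users\alice\AppData\Local\Temp\upd.exe"
_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    RegSetValue(_SUSPECT,
                r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger",
                _SUSPECT),
    RegSetValue(_SUSPECT,
                r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\GlobalFlag",
                "DWORD (0x00000200)"),
    RegSetValue(_SUSPECT,
                r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe\MonitorProcess",
                _SUSPECT),
    RegSetValue(_SUSPECT,
                "HKU\\" + _SID + r"\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)",
                r"C:\Users\alice\AppData\Local\Temp\h.dll"),
    # Benign: machine-wide COM registration written by an installer.
    RegSetValue(r"C:\Windows\System32\msiexec.exe",
                r"HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32\(Default)",
                r"C:\Program Files\Vendor\vendor.dll"),
    # Out of scope for these two signatures: an ordinary Run key.
    RegSetValue(_SUSPECT,
                "HKU\\" + _SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\upd",
                _SUSPECT),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(" | ".join(hit))
```

The HKLM registration by the installer is deliberately left alone: machine-wide CLSID writes are routine during software installs, and the signal in COM hijacking is a user-hive entry that overrides one. GlobalFlag is only flagged when bit 0x200 is set, so debugger-style heap flags on a developer machine do not fire the rule.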

MITRE ATT&CK Enterprise v15