Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Built.exe

  • Size

    6.9MB

  • Sample

    241029-dvlets1qhm

  • MD5

    b37054c3fd36d881c77d8405a7a4f8b3

  • SHA1

    6940fcee6576c884ec8db5e1bfbafdeb88e41af2

  • SHA256

    e23c471ae9c60d40aa180bc5c7596cc5c301a03dc14b7a460a7cd7e5a0623b34

  • SHA512

    f40d330ebb223b2697d1086ab5417556799d79850b40c7f7256864d49964abbdf49f59ae3e801e3faa2b0e93c90143f1bd874cc40d108c689d00edaf52bab608

  • SSDEEP

    98304:OaDjWM8JEE1FxhgamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIr:Oa0rzeNTfm/pf+xk4dWRpmrbW3jmr

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.9MB

    • MD5

      b37054c3fd36d881c77d8405a7a4f8b3

    • SHA1

      6940fcee6576c884ec8db5e1bfbafdeb88e41af2

    • SHA256

      e23c471ae9c60d40aa180bc5c7596cc5c301a03dc14b7a460a7cd7e5a0623b34

    • SHA512

      f40d330ebb223b2697d1086ab5417556799d79850b40c7f7256864d49964abbdf49f59ae3e801e3faa2b0e93c90143f1bd874cc40d108c689d00edaf52bab608

    • SSDEEP

      98304:OaDjWM8JEE1FxhgamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIr:Oa0rzeNTfm/pf+xk4dWRpmrbW3jmr

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks