
General

  • Target: d99f4643fa07fa48ee5c7e700b0fd033.bin
  • Size: 7.2MB
  • Sample: 241105-zkvreaxpas
  • MD5: e63e6de59afaabf9a3e5c77651dded72
  • SHA1: 7413091279b6cb1412863bf00ddc10004a1babc5
  • SHA256: 2759da6727291b8941a0675d5352ea1fad153ffd9f0bd447a0a96433ac94a906
  • SHA512: d80400bb46871fc1c3a9b62e09eb7ff4d67a791aba193c053116020968f829dc02c9a7a4099306fb766aa38041e82bd03763a12593627a81eb175dfdbad016bc
  • SSDEEP: 98304:/Y+2dvGFB3zT9PcX5/jAwoglm+0/fCn7CF53p0xLbiaXnqmgW08nq/TrGiuOuKtU:/Yr8FPc5/bmvfCnmFq6aXeW0ySdI4yr

Malware Config

Targets

    • Target: 06b28a3a05f98b3172eee3f990e1e1c3f8d51d68a39f93db09e01fd2c70439d3.exe
    • Size: 7.3MB
    • MD5: d99f4643fa07fa48ee5c7e700b0fd033
    • SHA1: 139f0f1734c268d9fe5154421ca1d6b6db5ffd4a
    • SHA256: 06b28a3a05f98b3172eee3f990e1e1c3f8d51d68a39f93db09e01fd2c70439d3
    • SHA512: 18420badfdac5fcd3b9c8d9b5e4cf364f686d59e22ad3ff44b599d40d3750740e06b63b5e4b52c2c2cae07ac244705dc412828dfcda5aff64bb4cc33a3458ab8
    • SSDEEP: 196608:Am8PDiLjv+bhqNVoB0SEsucQZ41JBbIg11tdJG:Z8PaL+9qz80SJHQK1JV1vDG

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks