Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Crypto Ripper + reFUD pack (1).7z

  • Size

    24.4MB

  • Sample

    241123-vdp55avjfp

  • MD5

    970da18c0ac98e9fa2a96ef1d816e586

  • SHA1

    294fed6118f8737c4f0b654497581497300b9c3f

  • SHA256

    ec41dc11de92db5fd53bfb863828338d2e8de2ed03434d44f38be3dbec66ff6b

  • SHA512

    a1c15ac15adc2e0790a67686ca080296cdca696cf581f037a5c97f0921f7c8651bbb674b8985b2e709a0b0c0c7a9f6c072edf28ac3a065696caafffdd2e8227a

  • SSDEEP

    786432:0Z3xzt3GEOFJAmYRFc0H2ZKyJioHyOm5JyOArYp1ciw:s3xzYE0GmwFc0ryJinOm5P4b

Malware Config

Targets

    • Target

      Crypto Ripper + reFUD pack (1).7z

    • Size

      24.4MB

    • MD5

      970da18c0ac98e9fa2a96ef1d816e586

    • SHA1

      294fed6118f8737c4f0b654497581497300b9c3f

    • SHA256

      ec41dc11de92db5fd53bfb863828338d2e8de2ed03434d44f38be3dbec66ff6b

    • SHA512

      a1c15ac15adc2e0790a67686ca080296cdca696cf581f037a5c97f0921f7c8651bbb674b8985b2e709a0b0c0c7a9f6c072edf28ac3a065696caafffdd2e8227a

    • SSDEEP

      786432:0Z3xzt3GEOFJAmYRFc0H2ZKyJioHyOm5JyOArYp1ciw:s3xzYE0GmwFc0ryJinOm5P4b

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks