General
Target: Crypto Ripper + reFUD pack (1).7z
Size: 24.4MB
Sample: 241123-vdp55avjfp
MD5: 970da18c0ac98e9fa2a96ef1d816e586
SHA1: 294fed6118f8737c4f0b654497581497300b9c3f
SHA256: ec41dc11de92db5fd53bfb863828338d2e8de2ed03434d44f38be3dbec66ff6b
SHA512: a1c15ac15adc2e0790a67686ca080296cdca696cf581f037a5c97f0921f7c8651bbb674b8985b2e709a0b0c0c7a9f6c072edf28ac3a065696caafffdd2e8227a
SSDEEP: 786432:0Z3xzt3GEOFJAmYRFc0H2ZKyJioHyOm5JyOArYp1ciw:s3xzYE0GmwFc0ryJinOm5P4b
Behavioral task: behavioral1
Sample: Crypto Ripper + reFUD pack (1).7z
Resource: win11-20241007-en
Malware Config
Targets
Target: Crypto Ripper + reFUD pack (1).7z (24.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General, since it is the same file)
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
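The signatures above are behavioural matches over the sandbox's event trace. As an added example (not code from tria.ge or its signature engine), the block below reproduces several of them as rules over a constructed trace: the dropped-file/executed-file correlation behind "Executes dropped EXE", the per-user CLSID registry write behind the COM hijacking signature, the Uninstall-key read, the tasklist launch, the wallet-path access and the IP-echo lookup. Every event, path, PID and CLSID in TRACE is made up for illustration, the event schema is a loose Sysmon/API-hook style of my own, and the wallet patterns and IP-lookup hostnames are assumed examples (the report does not say which service or wallets were touched).

```python
import re
from collections import Counter

# Constructed sandbox trace, loosely modelled on Sysmon/API-hook output. It is
# NOT taken from the tria.ge report; PIDs, paths and the CLSID are made up.
TRACE = [
    {"type": "proc", "pid": 100, "image": r"C:\Users\u\Desktop\ripper.exe", "cmd": "ripper.exe"},
    {"type": "file", "pid": 100, "op": "write", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "proc", "pid": 101, "image": r"C:\Users\u\AppData\Local\Temp\svc.exe", "cmd": "svc.exe"},
    {"type": "reg", "pid": 101, "op": "read",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "reg", "pid": 101, "op": "write",
     "key": r"HKU\S-1-5-21-1-2-3-1001\Software\Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\InprocServer32\(Default)",
     "data": r"C:\Users\u\AppData\Local\Temp\svc.dll"},
    {"type": "proc", "pid": 102, "image": r"C:\Windows\System32\tasklist.exe", "cmd": "tasklist /v"},
    {"type": "file", "pid": 101, "op": "read", "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "net", "pid": 101, "host": "api.ipify.org", "port": 443},
    {"type": "proc", "pid": 103, "image": r"C:\Program Files\7-Zip\7zG.exe", "cmd": "7zG.exe"},  # benign noise
]

# Per-user COM registrations (HKCU\Software\Classes, seen by Sysmon as
# HKU\<SID>\Software\Classes) are merged into HKCR ahead of HKLM\Software\Classes,
# so an unprivileged process can point an existing CLSID at its own DLL and get
# loaded whenever that object is instantiated. A write to the (Default) value of
# InprocServer32/LocalServer32 under such a key is the hijack itself.
COM_HIJACK_RE = re.compile(
    r"^HKU\\[^\\]+\\Software\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}"
    r"\\(InprocServer32|LocalServer32)\\\(Default\)$", re.IGNORECASE)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Illustrative wallet locations only (assumption); a real rule carries a long list.
WALLET_RE = re.compile(r"(wallet\.dat|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore\\)", re.IGNORECASE)
# Assumed set of legitimate IP-echo services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}


def run_rules(trace):
    """Single pass over the trace; returns (signature, pid, detail) tuples in trace order."""
    hits = []
    dropped = set()  # lower-cased paths written by any process so far
    for ev in trace:
        t = ev["type"]
        if t == "file":
            if ev["op"] == "write":
                dropped.add(ev["path"].lower())
            elif ev["op"] == "read" and WALLET_RE.search(ev["path"]):
                hits.append(("Accesses cryptocurrency files/wallets", ev["pid"], ev["path"]))
        elif t == "proc":
            image = ev["image"].lower()
            if image in dropped:  # a file this trace wrote is now being executed
                hits.append(("Executes dropped EXE", ev["pid"], ev["image"]))
            if image.endswith("\\tasklist.exe"):
                hits.append(("Enumerates processes with tasklist", ev["pid"], ev["cmd"]))
        elif t == "reg":
            if ev["op"] == "read" and UNINSTALL_RE.search(ev["key"]):
                hits.append(("Checks installed software on the system", ev["pid"], ev["key"]))
            elif ev["op"] == "write" and COM_HIJACK_RE.match(ev["key"]):
                hits.append(("Event Triggered Execution: Component Object Model Hijacking",
                             ev["pid"], ev["data"]))
        elif t == "net" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits.append(("Looks up external IP address via web service", ev["pid"], ev["host"]))
    return hits


def signature_counts(hits):
    """Collapse hits into the per-signature tally a report summary shows."""
    return dict(Counter(name for name, _, _ in hits))


if __name__ == "__main__":
    for name, pid, detail in run_rules(TRACE):
        print(f"[pid {pid}] {name}: {detail}")
    print(signature_counts(run_rules(TRACE)))
```

Note that "Checks installed software" is keyed on a registry read, which Sysmon does not log; a sandbox with API hooks (as tria.ge has) sees it, an EDR relying on Sysmon registry events would not. The COM rule deliberately ignores HKLM writes: those need admin rights and are usually legitimate installers, whereas the per-user path is the low-privilege persistence the signature describes.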
MITRE ATT&CK Enterprise v15 (number after each technique is the count of matching behaviours)
Persistence
- Event Triggered Execution (T1546): 2
  - Component Object Model Hijacking (T1546.015): 1
  - Netsh Helper DLL (T1546.007): 1
Privilege Escalation
- Event Triggered Execution (T1546): 2
  - Component Object Model Hijacking (T1546.015): 1
  - Netsh Helper DLL (T1546.007): 1
Defense Evasion
- Modify Registry (T1112): 1
- Obfuscated Files or Information (T1027): 1
  - Command Obfuscation (T1027.010): 1
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 3
  - Credentials In Files (T1552.001): 3
Two of the mapped sub-techniques (Netsh Helper DLL, Credentials from Web Browsers) have no corresponding entry in the signature list above; the matrix counts raw behaviour matches, not only the signatures shown.