Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

sample.exe

windows7-x64

10

sample.exe

windows10-2004-x64

10

sample.exe

windows10-ltsc 2021-x64

10

sample.exe

windows11-21h2-x64

10

Resubmissions

08/12/2024, 23:53 UTC

241208-3xp88swmes 10

19/07/2023, 10:01 UTC

230719-l2n4asdb6y 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0017a2f18f49ca0a4cc0a1f6a524faa5658ae033eda508906b626329c232fba5.bin.sample.gz

  • Size

    19.0MB

  • Sample

    241208-3xp88swmes

  • MD5

    6ff960b01aff126bd4941ff77f50d450

  • SHA1

    60e310d40576ba293826f4c32497481d9d0d9917

  • SHA256

    58d351c4724c28b369df9524058ae8b67ae110fd880e6d6ede9d78f9eaa47b73

  • SHA512

    4724370db46ebfb6a78583bf81464d8bf87541ecda5d5ca4dbf943771e2ce165299250fa4a1353927cbebfc19d9a564550d00d1fdcb8b7f90ba7b044b087b37f

  • SSDEEP

    393216:srFkLwpwbxtKGnyh+tdtG5JC0vSnTJ7tg1Kjkgj1u9GoFsj9ME:iklxIyyhudt88CQBJIgQW9ME

Score
10/10
fabookiediscoveryevasionpersistenceprivilege_escalationspywarestealervmprotect

Malware Config

Targets

    • Target

      sample

    • Size

      19.1MB

    • MD5

      8ebac20b51430b0cc35cef0bb4343524

    • SHA1

      d73890138f1bac7f87cbb0137a86b000ca1dfdc8

    • SHA256

      0017a2f18f49ca0a4cc0a1f6a524faa5658ae033eda508906b626329c232fba5

    • SHA512

      0db3f4eb3df46f9811793edd29388fe7c9a36c3c9f94f4f16caaaa70d0a28aa4e8a38ccc96fd57270dab9d23b0313f85aab0808e81c660512bc8abc7d2f90674

    • SSDEEP

      393216:obnSY7czVZQ+jQ3o3xrcJpuEJsVLDV3EJCP2qzFMlSQbY3hyt:GOVSiQ30xrUQkoFz+qaghyt

    Score
    10/10
    fabookiediscoveryevasionpersistenceprivilege_escalationspywarestealervmprotect

    • Detect Fabookie payload

    • Fabookie

      Fabookie is facebook account info stealer.

      spywarestealerfabookie

    • Fabookie family

      fabookie

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.