Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Tokyo Logger.exe

  • Size

    8.2MB

  • Sample

    241223-2j4c9stpar

  • MD5

    bfc95ddea20fbd937b316604def70873

  • SHA1

    248f86ab1ecefd654751ecc20f09684b8392d790

  • SHA256

    28d56ed7f2f5ae7558a1f303e3a4ebc0a01a118bd674a2dbb3a0d0e550c50591

  • SHA512

    00c1a4177bebb36ca4c2933fc8614ee97d98962ff1a5b0f6df380ffcd4858e92e250fb2fae22f70da1099000851bf56d62906b0e338baa432105324884ce7fb6

  • SSDEEP

    196608:5yeurErvI9pWjgyvoaYrE41JI9YIwoOdhQ:4eurEUWjdo/H1JboChQ

Malware Config

Targets

    • Target

      Tokyo Logger.exe

    • Size

      8.2MB

    • MD5

      bfc95ddea20fbd937b316604def70873

    • SHA1

      248f86ab1ecefd654751ecc20f09684b8392d790

    • SHA256

      28d56ed7f2f5ae7558a1f303e3a4ebc0a01a118bd674a2dbb3a0d0e550c50591

    • SHA512

      00c1a4177bebb36ca4c2933fc8614ee97d98962ff1a5b0f6df380ffcd4858e92e250fb2fae22f70da1099000851bf56d62906b0e338baa432105324884ce7fb6

    • SSDEEP

      196608:5yeurErvI9pWjgyvoaYrE41JI9YIwoOdhQ:4eurEUWjdo/H1JboChQ

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks