Resubmissions

31/12/2024, 09:49

241231-ltbs1axkfr 10

General

  • Target

    password ( gui2022 ) (1).zip

  • Size

    642KB

  • Sample

    241231-ltbs1axkfr

  • MD5

    f903dc6148d008fd3846b652c696326f

  • SHA1

    68cc1bf8335e353d51b62b799405f3fee1d7a66c

  • SHA256

    436d974724bad165f4c6972529740dc2ea0c112c4a5957d75a7220090ddd5ded

  • SHA512

    f23c6292eefa45f456f15db6506a12c8c941e1daeb09c17709864a857e2e8a4a1a2c425a38ab507b23295328220a64dc524a5ccef107fcb8bc42da535fc614ff

  • SSDEEP

    12288:n9OujvTwkuLx3KAlAN6mODQnclrbtR2c/rO0Ud:Iuo1Kk06Qmz2cTVY

Malware Config

Extracted

Family

erbium

C2

77.73.133.53

Targets

    • Erbium

      Erbium is an infostealer written in C++ and first seen in July 2022.

    • Erbium family

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks