Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
runtime.exe
-
Size
10.2MB
-
Sample
250105-1xp75azkam
-
MD5
0c240b9c9c4389c3c9781901f0477a53
-
SHA1
dbdde2dbe0fbddaf2bd9f4d48ff7ae001c02b35f
-
SHA256
fb5164e67af401005d2b5d4b328a2f9dbb48a8468f7c7010f7711507f146d6fb
-
SHA512
971a597e1781000c6a8e9a72df93acff08e77b679631a127dd09794632d9f6945c995241fa683d700917493cdb58c9414feb6ea5980780e1cc052043eda62810
-
SSDEEP
196608:zNVSxLqcemXyuSyTde8BRHvUWvofhxjno/w3iFCxHQbRNSEtXVnDQc1:ZtByxjBRHdAxro/w3uCxHQbq4nDQu
Behavioral task
behavioral1
Sample
runtime.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
runtime.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Stub.pyc
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Stub.pyc
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
runtime.exe
-
Size
10.2MB
-
MD5
0c240b9c9c4389c3c9781901f0477a53
-
SHA1
dbdde2dbe0fbddaf2bd9f4d48ff7ae001c02b35f
-
SHA256
fb5164e67af401005d2b5d4b328a2f9dbb48a8468f7c7010f7711507f146d6fb
-
SHA512
971a597e1781000c6a8e9a72df93acff08e77b679631a127dd09794632d9f6945c995241fa683d700917493cdb58c9414feb6ea5980780e1cc052043eda62810
-
SSDEEP
196608:zNVSxLqcemXyuSyTde8BRHvUWvofhxjno/w3iFCxHQbRNSEtXVnDQc1:ZtByxjBRHdAxro/w3uCxHQbq4nDQu
-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Exelastealer family
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
Stub.pyc
-
Size
798KB
-
MD5
bb21c0649989972a29315802dfed2b17
-
SHA1
f9c4e407e787413daff90c9fae1becdf0e47a62d
-
SHA256
340afc1723cfa9dfe70e6453c3c55606cd9324eb248ab4b5fa168ae51fa8a103
-
SHA512
1a79d416ed8b49f0d65767e8991302287eba84e54339917492b8f1938f439f625476d4935a698e8ddfa0265c241e1c79208bcba9a6dfe7cc88b11736de615308
-
SSDEEP
24576:XH6hUrxukyQly2rxUDTfGnvb89droab/0U7c+r:jxaDjGG7r/r
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Permission Groups Discovery
1Local Groups
1Process Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Wi-Fi Discovery
1System Network Connections Discovery
1