Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
250109-ybhj2synfw
-
MD5
d289d8d1a916240a07faa4af79bf3cf9
-
SHA1
847646b8cac7f231c488762e9ebd59c1c1bf2054
-
SHA256
c6ffecfce008c8ab2f0db96418fbaeaf3413ad4dc0a05b484101cb624a87a8a0
-
SHA512
174eee0cece8812b35bc58e2fc2fd48f045cff60e439e199df71e11076293b0a06811049b4f85c4ee84b10f50992b19cf84fcda03d14200fc2ca4bd7273fdfd2
-
SSDEEP
98304:J+DjWM8JEE1F6BamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIFd:J+0U8eNTfm/pf+xk4dWRimrbW3jmyC
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.9MB
-
MD5
d289d8d1a916240a07faa4af79bf3cf9
-
SHA1
847646b8cac7f231c488762e9ebd59c1c1bf2054
-
SHA256
c6ffecfce008c8ab2f0db96418fbaeaf3413ad4dc0a05b484101cb624a87a8a0
-
SHA512
174eee0cece8812b35bc58e2fc2fd48f045cff60e439e199df71e11076293b0a06811049b4f85c4ee84b10f50992b19cf84fcda03d14200fc2ca4bd7273fdfd2
-
SSDEEP
98304:J+DjWM8JEE1F6BamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIFd:J+0U8eNTfm/pf+xk4dWRimrbW3jmyC
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-