General

  • Target: 5b00fb007aa5f32d3988915ca620dcd2b8b294ab6c15351f875bc51bc8d609a4
  • Size: 154KB
  • Sample: 250117-ae2v4avqgx
  • MD5: 1f4b546cb16987441246068d9c2383ce
  • SHA1: e5d7b0fe47c5229278a7a91b4b7dfc937d60bbb6
  • SHA256: 5b00fb007aa5f32d3988915ca620dcd2b8b294ab6c15351f875bc51bc8d609a4
  • SHA512: 6521db55eac53895d42a0b490b6da1dac8aa11b12f951ea3751dd892ef8f12d605551adb51bcc5d082915167321b8b1bbb206e9b5e2d3b4f78953ca838a57c18
  • SSDEEP: 3072:O5NxdMj7DYOqLQJkZ6BZn0zNEkVRZS3Tn3icmK786HWy:AN03YOq6IPZEe3YLlD2y

Malware Config

Targets

    • Target: ONUS (4).exe
    • Size: 219KB
    • MD5: 4b571a5241c60fe43fe3819c6a9df813
    • SHA1: f6b2bd4a102e538b6b45a1d563304b831d2a9a9b
    • SHA256: 0cc08a3fc33db7ed2075e49ac59ce9204a21ec8f2fe13559cbdc9cb77ca99289
    • SHA512: 31740552db3de6b198960fb5c95794eda52b5bbf5f393eb053bd98c21d88258e34ea55fcde754b4173ed91bced87242f3d0f8dd3c93fed7c24c7810516e87e89
    • SSDEEP: 3072:QArRIzPm7i7x2KhtCqE5bpcqiieyAd9g8QwyZ0+tvCiJ86AR+xx7CG9eeIUV:r4PO62KI5dcdield9grw0BH866cZeV

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks