Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Setup.exe
-
Size
9.6MB
-
Sample
250128-wvxf7szpcm
-
MD5
5baf9efcc3bfc3789f8a58733107e954
-
SHA1
fa27fcd63763c6353d5a3aa15628464d5619a069
-
SHA256
1ed96eaa40c0325cec3903cc8f8f50a12db5615f6bc5cbb21b4f61f9c4e21c8f
-
SHA512
f3b79cfb58d2e672616e7704ad57ef39779ea7c2b4bfa961b4bad0d38f63ba6620acb5aabd7360d7a5dfbbe0b4c89ce73d75c9104e3585654110a6297252c2d5
-
SSDEEP
196608:+C5QXwuL0XZY7w3xi3UxkcurErvI9pWjgN3ZdahF0pbH1AYSEp1CtQsNI/SBmUX:T/ZTYskcurEUWjqeWxQX6nWvX
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
��J�gQA.pyc
Resource
win10v2004-20241007-en
Malware Config
Extracted
stealerium
https://discordapp.com/api/webhooks/1260240210554392698/6OTQbI2XfVEyUkQ3VwmQg2Rl76EMQY9zwhXAJ7uCLz5zYqMaTsKW19kSRwFhVD5eLQeP
Targets
-
-
Target
Setup.exe
-
Size
9.6MB
-
MD5
5baf9efcc3bfc3789f8a58733107e954
-
SHA1
fa27fcd63763c6353d5a3aa15628464d5619a069
-
SHA256
1ed96eaa40c0325cec3903cc8f8f50a12db5615f6bc5cbb21b4f61f9c4e21c8f
-
SHA512
f3b79cfb58d2e672616e7704ad57ef39779ea7c2b4bfa961b4bad0d38f63ba6620acb5aabd7360d7a5dfbbe0b4c89ce73d75c9104e3585654110a6297252c2d5
-
SSDEEP
196608:+C5QXwuL0XZY7w3xi3UxkcurErvI9pWjgN3ZdahF0pbH1AYSEp1CtQsNI/SBmUX:T/ZTYskcurEUWjqeWxQX6nWvX
-
Stealerium family
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
��J�gQA.pyc
-
Size
1KB
-
MD5
fd1f7cbf0e9e3a95ba5a8ddc63b7d3f8
-
SHA1
5d4c1d49a01f1a0836aed159563595c97970e7c6
-
SHA256
b8e444ea84c95e6d560d53da4a4895276fecce43a9ffe18cef6a7c523bfd676c
-
SHA512
3197b952c666b8788ade42c58771557ee8aed20bfb7a60074c50188bb4b687e8cee217ffdfefd70fd2f5aef788d6e2102f43a2a93320f898ea2088827473186b
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3Discovery
Browser Information Discovery
1Process Discovery
1Query Registry
1Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
2Internet Connection Discovery
1Wi-Fi Discovery
1