Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    lGxCmyo.exe

  • Size

    6.3MB

  • Sample

    250131-zhtrbsymer

  • MD5

    8b566fdf77f5acf29c6c5bd2d52eacab

  • SHA1

    19842502be7711f7e4d303c71184dc0b2ac05798

  • SHA256

    4dcab4dff066a113b9f2cea94b1b21837cf92f0874eb3c4fc166824546ff5271

  • SHA512

    d3e12e3a8f5593a8e7eb7c78c0b27e1a2b9ba229a2ab4ff14675589617a43185a9bea8ffa4b26586e9744b39b657d143645f76bcac21f20fbab45509998c1ff6

  • SSDEEP

    98304:ijcIruEVC6IEq9Vyn//5gcllxt3bzBoUv6aQ/BDyZeut1BDjRhh:WDCjTA//5gcllfrNJ6jBGwutlhh

Malware Config

Targets

    • Target

      lGxCmyo.exe

    • Size

      6.3MB

    • MD5

      8b566fdf77f5acf29c6c5bd2d52eacab

    • SHA1

      19842502be7711f7e4d303c71184dc0b2ac05798

    • SHA256

      4dcab4dff066a113b9f2cea94b1b21837cf92f0874eb3c4fc166824546ff5271

    • SHA512

      d3e12e3a8f5593a8e7eb7c78c0b27e1a2b9ba229a2ab4ff14675589617a43185a9bea8ffa4b26586e9744b39b657d143645f76bcac21f20fbab45509998c1ff6

    • SSDEEP

      98304:ijcIruEVC6IEq9Vyn//5gcllxt3bzBoUv6aQ/BDyZeut1BDjRhh:WDCjTA//5gcllfrNJ6jBGwutlhh

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks