General

  • Target

    setup_d.exe

  • Size

    4.3MB

  • Sample

    250205-rz8mtasmbp

  • MD5

    e99ac49ffa00594abe74e9f9147ed998

  • SHA1

    b4d159f79c581b4e2ec6f2d43029b554a9992799

  • SHA256

    909b38fc06f0e5068cf96f960a70119c23f0ef0a186daa8a6354b6292d060dac

  • SHA512

    bc8ba8b95b1d4d82cd28772e654d8253395461aa2e26031776f78bc3410a1458a63ad55f99a9c6d58f3939606c10dffafa300f3cd2a955d849cbb087e57a6450

  • SSDEEP

    49152:TSq3cukMML4lx88I2un+JhGm6U/sGsBmNFGqaZdZ+qYBGnZ:TSq31x88m+DgGsGsByGqaxv

Malware Config

Extracted

Family

metastealer

C2

kiyaqoimsiieeyqa.xyz

ssqsmisuowqcwsqo.xyz

ykqmwgsuummieaug.xyz

ewukeskgqswqesiw.xyz

cscqcsgewmwwaaui.xyz

cyoksykiamiscyia.xyz

okgomokemoucqeso.xyz

ikwacuakiqeimwua.xyz

aawcsqqaywckiwmi.xyz

aiqasksgmyeqocei.xyz

qgumcuisgaeyuqqe.xyz

eiesoycamyqqgcea.xyz

ywceswakicsqomqw.xyz

auaieuewouawygku.xyz

cmiascusccywowcs.xyz

uiqkkomkaceqacec.xyz

quqeciymqmkqccqw.xyz

ssqsauuuyyigouou.xyz

aogaakukuugqswcy.xyz

ucgwcwsuqsuwewgc.xyz

Attributes

  • dga_seed

    21845

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443
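
The extracted configuration lists 20 C2 names and reports a DGA with seed 21845, 16-character labels, 10000 generated domains and TCP port 443, but it does not reproduce the generator itself. The following Python, added here as an example and not part of the Triage report or of MetaStealer, checks the extracted list against the reported attributes, derives the character set the 20 labels actually use (13 letters, a c e g i k m o q s u w y), and runs two detections over a constructed DNS query log: exact matches against the known C2 names, and a looser "DGA-like" heuristic (16-letter .xyz label drawn from that alphabet). The heuristic is an assumption inferred from the 20 samples only, so its matches are leads to verify, not confirmed C2; the log lines and the name qecaqswkmieucasy.xyz are constructed for the example.

```python
import re
from collections import Counter

# The 20 C2 domains extracted from this sample's MetaStealer config (copied from the report).
EXTRACTED_C2 = [
    "kiyaqoimsiieeyqa.xyz", "ssqsmisuowqcwsqo.xyz", "ykqmwgsuummieaug.xyz",
    "ewukeskgqswqesiw.xyz", "cscqcsgewmwwaaui.xyz", "cyoksykiamiscyia.xyz",
    "okgomokemoucqeso.xyz", "ikwacuakiqeimwua.xyz", "aawcsqqaywckiwmi.xyz",
    "aiqasksgmyeqocei.xyz", "qgumcuisgaeyuqqe.xyz", "eiesoycamyqqgcea.xyz",
    "ywceswakicsqomqw.xyz", "auaieuewouawygku.xyz", "cmiascusccywowcs.xyz",
    "uiqkkomkaceqacec.xyz", "quqeciymqmkqccqw.xyz", "ssqsauuuyyigouou.xyz",
    "aogaakukuugqswcy.xyz", "ucgwcwsuqsuwewgc.xyz",
]

# DGA attributes as reported in the config (the generator itself is not reproduced here).
CONFIG = {"dga_seed": 21845, "domain_length": 16, "num_dga_domains": 10000, "port": 443}


def check_config_consistency(domains=EXTRACTED_C2, domain_length=CONFIG["domain_length"]):
    """Return domains whose second-level label length disagrees with the reported
    domain_length; an empty list means the list and the attributes agree."""
    return [d for d in domains if len(d.split(".")[0]) != domain_length]


def observed_alphabet(domains=EXTRACTED_C2):
    """Characters used by the extracted labels. For this sample that is 13 letters,
    a c e g i k m o q s u w y (every other letter of the alphabet starting at 'a')."""
    return set("".join(d.split(".")[0] for d in domains))


def build_heuristic(domains=EXTRACTED_C2, domain_length=CONFIG["domain_length"]):
    """Regex for 'looks like one of these 10000 domains': a .xyz name whose label has the
    reported length and uses only the observed alphabet. Assumption: this is inferred from
    the 20 listed domains, not from the DGA, so treat matches as leads, not confirmed C2."""
    alpha = "".join(sorted(observed_alphabet(domains)))
    return re.compile(r"^[%s]{%d}\.xyz$" % (alpha, domain_length))


def classify_query(qname, known=frozenset(EXTRACTED_C2), heuristic=None):
    """'known_c2' for an extracted domain, 'dga_like' for a heuristic match, else 'benign'."""
    q = qname.lower().rstrip(".")          # normalise case and a trailing root dot
    if q in known:
        return "known_c2"
    if (heuristic or build_heuristic()).match(q):
        return "dga_like"
    return "benign"


# Constructed DNS query log (timestamp, client, record type, qname) for the example;
# these are not events from the report. The fourth name is a made-up 16-letter .xyz label.
SAMPLE_DNS_LOG = """\
2025-02-05T12:00:01Z 10.0.0.15 A www.microsoft.com
2025-02-05T12:00:02Z 10.0.0.15 A kiyaqoimsiieeyqa.xyz
2025-02-05T12:00:03Z 10.0.0.15 A uiqkkomkaceqacec.xyz.
2025-02-05T12:00:04Z 10.0.0.15 A qecaqswkmieucasy.xyz
2025-02-05T12:00:05Z 10.0.0.22 A update.example.org
2025-02-05T12:00:06Z 10.0.0.22 A bananafishguitar.xyz
"""


def scan_dns_log(text, known=frozenset(EXTRACTED_C2)):
    """Return (timestamp, client, qname, verdict) for every non-benign query in the log."""
    heuristic = build_heuristic()
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                        # skip blank or malformed lines
        ts, client, _rtype, qname = parts
        verdict = classify_query(qname, known, heuristic)
        if verdict != "benign":
            hits.append((ts, client, qname.lower().rstrip("."), verdict))
    return hits


def clients_by_verdict(hits):
    """Count non-benign queries per (client, verdict) to prioritise hosts for triage."""
    return Counter((client, verdict) for _ts, client, _q, verdict in hits)


if __name__ == "__main__":
    assert not check_config_consistency(), "extracted list disagrees with domain_length"
    hits = scan_dns_log(SAMPLE_DNS_LOG)
    for ts, client, qname, verdict in hits:
        print(f"{ts} {client} {qname} -> {verdict}")
    print(dict(clients_by_verdict(hits)))
```

bananafishguitar.xyz is deliberately a 16-letter .xyz name that the heuristic rejects, because it uses letters outside the observed alphabet; a real hunt should still confirm any dga_like hit against the reported port (TCP 443) and the host's other activity before treating it as C2.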

Targets

    • Target

      setup_d.exe

    • Meta Stealer

      MetaStealer is an information stealer written in C++ that harvests credentials saved in web browsers.

    • MetaStealer payload

    • Metastealer family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so that the payload is not scanned.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data, which holds saved credentials, cookies and session tokens.
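
The report records that the sample runs PowerShell to add Defender exclusions but does not reproduce the command it used. The following Python is added here as a detection example and is not code from the Triage report or from MetaStealer: it scans process command lines (as a Sysmon Event ID 1 CommandLine field would carry them) for Add-MpPreference or Set-MpPreference with the three exclusion parameters the report names, and also decodes a -EncodedCommand argument (base64 of a UTF-16LE script) so an exclusion hidden that way is still found. The command lines are constructed for the example; the assumption that the parameters are spelled out in full is stated in the code, since PowerShell also accepts unambiguous prefixes that a plain regex would miss.

```python
import base64
import re

CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)

# The three exclusion parameters the report names. Assumption: the malware spells them out in
# full; PowerShell also accepts any unambiguous prefix (e.g. -ExclusionPa), which this misses.
PARAM_RE = re.compile(
    r'''-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+("[^"]*"|'[^']*'|\S+)''',
    re.IGNORECASE,
)
PARAM_NAMES = {"exclusionpath": "ExclusionPath",
               "exclusionextension": "ExclusionExtension",
               "exclusionprocess": "ExclusionProcess"}

# Common spellings of -EncodedCommand; its argument is base64 of a UTF-16LE script.
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\b\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the script carried in -EncodedCommand, or None if absent or not decodable."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return None


def find_defender_exclusions(cmdline):
    """List (cmdlet, parameter, value) for each Defender exclusion a command line adds or sets,
    searching both the visible text and any -EncodedCommand payload."""
    findings = []
    for text in (cmdline, decode_encoded_command(cmdline)):
        if not text:
            continue
        cmdlet = CMDLET_RE.search(text)
        if not cmdlet:
            continue
        name = cmdlet.group(1).capitalize() + "-MpPreference"
        for param, value in PARAM_RE.findall(text):
            findings.append((name, PARAM_NAMES[param.lower()], value.strip("\"'")))
    return findings


def scan_command_lines(lines):
    """Return (index, findings) for every command line that touches Defender exclusions."""
    out = []
    for i, line in enumerate(lines):
        f = find_defender_exclusions(line)
        if f:
            out.append((i, f))
    return out


def _encoded(script):
    """Build a constructed -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed process command lines for the example; the report does not reproduce the
# sample's real command, so none of these is taken from it.
SAMPLE_COMMAND_LINES = [
    'powershell.exe -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public"',
    "powershell -w hidden -c Add-MpPreference -ExclusionExtension exe,dll -ExclusionProcess setup_d.exe",
    "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true",   # tampering, but no exclusion
    "powershell.exe -nop -w hidden -enc " + _encoded("Add-MpPreference -ExclusionProcess setup_d.exe"),
    "cmd.exe /c dir C:\\",
]

if __name__ == "__main__":
    for idx, findings in scan_command_lines(SAMPLE_COMMAND_LINES):
        for cmdlet, param, value in findings:
            print(f"line {idx}: {cmdlet} -{param} {value}")
```

On a host under investigation, `Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess` shows the exclusions that are currently in force. The change itself also leaves traces independent of the command line: Defender writes Event ID 5007 (configuration changed) to the Microsoft-Windows-Windows Defender/Operational log, and the exclusions are stored as registry values under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions, which Sysmon Event ID 13 records when they are written.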

MITRE ATT&CK Enterprise v15