Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b28723506b2dbc59052de0b64258a34e.msi

  • Size

    1.9MB

  • Sample

    250307-tlajzatk17

  • MD5

    b28723506b2dbc59052de0b64258a34e

  • SHA1

    adb829bc97158ee2a07aceece39423b16ee87c0c

  • SHA256

    9b9a83b5b88d7b361e4b48d9e15b9edb43e36a059bc4dbd871053cf108e6ff73

  • SHA512

    32aabf3381cf7ebbd44b9f7f34ca320b721967b412b2e6084e70e5cf0ab41a6b481182b83fdea79c3a77026efc43995ae269353c0b3608d6206218ea516df700

  • SSDEEP

    24576:Nt9cpVDhe6I6r31VcwEKk0w/cH8DfeE14:CpRhnPr31VcwcXzv

Malware Config

Extracted

Family

metastealer

C2

kagkimuoakomksww.xyz

cwikwiiisuyqymso.xyz

qgimwqowkmuicoos.xyz

kuueskmwqmwoocuq.xyz

eaeueussigokssqg.xyz

eoyqkgcyoesysssk.xyz

ocmmqamiyucswwik.xyz

eimemucysaammomg.xyz

iwomsoekyisuymws.xyz

mqykiccmwokeumes.xyz

iqqcgqqseysecuum.xyz

iqmoyikmqymsmcwm.xyz

aseuqoqgaueaymyo.xyz

wycuamkomemmigmy.xyz

ceiyeqaoscmsamim.xyz

skcqkaykccckqyam.xyz

kaycmqwocuyyuqyg.xyz

mqssyaeoeeucegqy.xyz

ywqamawcqumaqiyq.xyz

skscsegicyqikqww.xyz

Attributes
  • dga_seed

    12914

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Target

      b28723506b2dbc59052de0b64258a34e.msi

    • Size

      1.9MB

    • MD5

      b28723506b2dbc59052de0b64258a34e

    • SHA1

      adb829bc97158ee2a07aceece39423b16ee87c0c

    • SHA256

      9b9a83b5b88d7b361e4b48d9e15b9edb43e36a059bc4dbd871053cf108e6ff73

    • SHA512

      32aabf3381cf7ebbd44b9f7f34ca320b721967b412b2e6084e70e5cf0ab41a6b481182b83fdea79c3a77026efc43995ae269353c0b3608d6206218ea516df700

    • SSDEEP

      24576:Nt9cpVDhe6I6r31VcwEKk0w/cH8DfeE14:CpRhnPr31VcwcXzv

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • MetaStealer payload

    • Metastealer family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks