General
-
Target
MicrosoftActivator.exe
-
Size
130.1MB
-
Sample
250312-1gyvbsvrx7
-
MD5
57f71793f17ef4f6d1aad11db4b9e402
-
SHA1
488bbda45048d6dab83d3d725bd97c9b7f8e5987
-
SHA256
e0580491c1146ad6707ad2d81a080cb6fb545bd6b8e2dbc16e0b06e9780764eb
-
SHA512
3394f7ba35438b9bc7fad9466ec299851bb5a4a301c48c58eaabcc17e7fd7286257589157937d286359597344a6d9b3a4c26c96c1f89683a5059afd01efa6447
-
SSDEEP
786432:nkgh3akgh2vk49Otsbyx1DOUNoER7gHk49Otsbyx1DOUNoER7g2:kgJTgwvk49QsmPf2Hk49QsmPf22
Malware Config
Targets
-
-
Target
MicrosoftActivator.exe
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1