Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2025-03-21_a592bc2718478c37da22aa4d773c47c2_luca-stealer
-
Size
6.6MB
-
Sample
250321-r3yl1svl18
-
MD5
a592bc2718478c37da22aa4d773c47c2
-
SHA1
14086e8580bff5defca8054f42f7ff8ae2f3676d
-
SHA256
23c2c3f2c093041b8e83654462345ebabd83d80c79271d417091f3ada03706ae
-
SHA512
531510375ce73bd2695398630a8db18533aa7caa15301ef6314e3522365c970858ef86e94a91369c3b0901829d2cc8db9d24ebe3747b4bf69f07b7530ae8ad40
-
SSDEEP
196608:qbuCCCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaz5:huN/HYOSIT/EVF9F
Malware Config
Targets
-
-
Target
2025-03-21_a592bc2718478c37da22aa4d773c47c2_luca-stealer
-
Size
6.6MB
-
MD5
a592bc2718478c37da22aa4d773c47c2
-
SHA1
14086e8580bff5defca8054f42f7ff8ae2f3676d
-
SHA256
23c2c3f2c093041b8e83654462345ebabd83d80c79271d417091f3ada03706ae
-
SHA512
531510375ce73bd2695398630a8db18533aa7caa15301ef6314e3522365c970858ef86e94a91369c3b0901829d2cc8db9d24ebe3747b4bf69f07b7530ae8ad40
-
SSDEEP
196608:qbuCCCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaz5:huN/HYOSIT/EVF9F
Score10/10-
Beapy
Beapy is a python worm with crypto mining capabilities.
-
Beapy family
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
Contacts a large (9145) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
mimikatz is an open source tool to dump credentials on Windows
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduletasks on a host.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1