General
-
Target
avira_phantom_vpn_2.44.1.19908.zip
-
Size
6.2MB
-
Sample
250328-lq2j9at1bz
-
MD5
b9b2f585fb621dcf7e0858987eaa774d
-
SHA1
0f5d26a3041308b7ec1659ef9891f87daedcd3a8
-
SHA256
811f17cb1e3e1bf202c254d755f3b00a3289366db84ca61ebef786f9397755e0
-
SHA512
62df05928a67651bca557a6d161e00c34c81052549e51e422d9c0753e3548ddad981ce3e2ba638f8baff6692dc8b110012a25d81b6d218b6100bbb272413a9ea
-
SSDEEP
98304:HQWi5GflAJd9R0uA0MUr0A8KJO4vEmVl+2jF+iq439Joj2LV7QyKIz:HQWikWk0MG04DJjVtJoqGytz
Static task
static1
Behavioral task
behavioral1
Sample
avira_phantom_vpn_2.44.1.19908.zip
Resource
win11-20250313-en
Behavioral task
behavioral2
Sample
Avira Phantom VPN 2.44.1.19908.exe
Resource
win11-20250313-en
Behavioral task
behavioral3
Sample
_Silent Install.cmd
Resource
win11-20250313-en
Malware Config
Targets
-
-
Target
avira_phantom_vpn_2.44.1.19908.zip
Score 1/10
-
-
Target
Avira Phantom VPN 2.44.1.19908.exe
-
Size
6.2MB
-
MD5
f0ff203da7a5dbf52f89bf4930dfb005
-
SHA1
6ecad7e1e9b4d3800db11deb846bc828d613114f
-
SHA256
377ec7ee0fe6f11f6b06bee64c4db9a86d40c3ca6f376854b07b07c2a5715c4b
-
SHA512
af644df1f92142611ba00b1df5d6c5220a5adb09f2886e023a7cbad8d563c3cb49ed05643ddd4060827497ed2c71b92dc4d8007dd1c7200433a3887f23f00401
-
SSDEEP
98304:HdsI+4xafVgFN53emA6EUBM40WzIGJeqVzYMjV+YYUP9NaLyzLHiKsig:yI+4IUy6EEqGD/jdlNaWKKrg
-
Creates new service(s)
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
_Silent Install.cmd
-
Size
1KB
-
MD5
dc692760fdb24d67353a58c978e14740
-
SHA1
d1865b64d93aa24055c39cda5b1803b550bd8155
-
SHA256
06d6f2f798d29a5af31b44f5c48f4c34779eb20fced3e2c6ff5170b78a92f301
-
SHA512
d73c7c6083788ef04d14bfbffd5d9f5d7c73942c5bde965dcf0967223b4d0a4d2d2d00a408ccc7c414b0f215f61fc038d0523a1c9a0aee33cf2b789cc99f6cb3
-
Creates new service(s)
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (2)
  Windows Service (2)
  Event Triggered Execution (1)
  Netsh Helper DLL (1)
Privilege Escalation
  Create or Modify System Process (2)
  Windows Service (2)
  Event Triggered Execution (1)
  Netsh Helper DLL (1)
Defense Evasion
  Impair Defenses (1)
  Disable or Modify System Firewall (1)
  Modify Registry (1)
  Subvert Trust Controls (1)
  Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
  Unsecured Credentials (1)
  Credentials In Files (1)