General

  • Target

    cb2a2be7c24e35bafb85bcdb05e19c108452630f54719e2134339df59e9aa060

  • Size

    6.2MB

  • Sample

    220524-rqey5shgck

  • MD5

    538113e9711446351217d1d2b93b1885

  • SHA1

    6fc25abd2a7e1e15113eea2105349065681b1c27

  • SHA256

    cb2a2be7c24e35bafb85bcdb05e19c108452630f54719e2134339df59e9aa060

  • SHA512

    c3e20b52373785549dfa269b692fa007aa0cede221e95f705b33d4a36a54e6cbfdf3c1831c11e2c3035aab7f171e152e6a14cc0913916965f8e12a789ffdf49f

Malware Config

Targets

    • Modifies WinLogon for persistence

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Adds Run key to start application
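
The three registry-based behaviours above (Winlogon modification, Run key addition, country-code lookup) can be re-derived from a sandbox's registry event log. The script below is an added example, not tria.ge's own signature code or anything shipped with the sample; the event tuples are constructed for illustration, and the key paths and default Winlogon values are assumed from standard Windows layouts (Winlogon `Userinit`/`Shell`, `CurrentVersion\Run`/`RunOnce`, and `Control Panel\International\Geo\Nation`), not taken from this report. It only flags a Winlogon write when the value differs from the stock default, so a benign re-write of `Shell = explorer.exe` is not reported.

```python
import re

# Constructed sample of registry events in a generic sandbox-like shape:
# (operation, key path, value name, data). Not tria.ge's real log format.
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation", "244"),
    ("RegSetValue", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit", r"C:\Windows\system32\userinit.exe,C:\ProgramData\svc\payload.exe"),
    ("RegSetValue", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "updater", r"C:\ProgramData\svc\payload.exe"),
    # Benign: Shell rewritten to its default value; must NOT be flagged.
    ("RegSetValue", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Shell", "explorer.exe"),
    ("RegQueryValue", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "ProductName", "Windows 7 Professional"),
]

# Stock Winlogon values on a default install (assumed; lowercase for comparison).
WINLOGON_DEFAULTS = {
    "userinit": {r"c:\windows\system32\userinit.exe,"},
    "shell": {"explorer.exe"},
}

# Hive prefixes to strip so HKLM/HKCU/HKU\<SID> spellings all compare equal.
HIVE_RE = re.compile(
    r"^(hkey_local_machine|hklm|hkey_current_user|hkcu|hkey_users\\[^\\]+)\\", re.I)

WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
RUN_KEY_RE = re.compile(
    r"^software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?$")
GEO_KEY = r"control panel\international\geo"


def normalize_key(key):
    """Lowercase, unify slashes and drop the hive prefix."""
    key = key.strip().lower().replace("/", "\\")
    return HIVE_RE.sub("", key)


def classify(events):
    """Return (signature, value_name, data) for every event matching a behaviour."""
    hits = []
    for op, key, value, data in events:
        k = normalize_key(key)
        v = value.lower()
        d = data.strip().lower()
        if op == "RegSetValue" and k == WINLOGON_KEY and v in WINLOGON_DEFAULTS:
            # Only a non-default Userinit/Shell is persistence; defaults are noise.
            if d not in WINLOGON_DEFAULTS[v]:
                hits.append(("Modifies WinLogon for persistence", value, data))
        elif op == "RegSetValue" and RUN_KEY_RE.match(k):
            hits.append(("Adds Run key to start application", value, data))
        elif op == "RegQueryValue" and k == GEO_KEY and v == "nation":
            hits.append(("Checks computer location settings", value, data))
    return hits


def signature_names(events):
    """Distinct signatures in first-seen order, as a report would list them."""
    seen = []
    for name, _, _ in classify(events):
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for name, value, data in classify(SAMPLE_EVENTS):
        print(f"{name}: {value} = {data}")
```

Running it over the constructed events reports the Geo lookup, the appended `Userinit` entry and the HKCU Run value, and stays silent on the default `Shell` write and the unrelated `ProductName` read.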

MITRE ATT&CK Enterprise v6

Tasks