Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

e1763315e4...31.exe

windows7_x64

10

e1763315e4...31.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1763315e4a75661f19e324cac85ea4b1acbe6ffe2a2dc9441bd6fc2d89f3031

  • Size

    6.2MB

  • Sample

    220524-sdg4eaahhp

  • MD5

    9af294b452c7e6d6b6698595fc25afa1

  • SHA1

    a353d76c5a509b87c3895ffa8b88fbd38d3c4d7c

  • SHA256

    e1763315e4a75661f19e324cac85ea4b1acbe6ffe2a2dc9441bd6fc2d89f3031

  • SHA512

    de4c752d87daf97cdbe639c7323a71941c9a9461d6f7b828f45ad0173442d99292b745a8d92a294ec73e6f2e8e3465bc849df33bfd036ab2a4c69cd30b712f49

Score
10/10
rmspersistencerattrojan

Malware Config

Targets

    • Target

      e1763315e4a75661f19e324cac85ea4b1acbe6ffe2a2dc9441bd6fc2d89f3031

    • Size

      6.2MB

    • MD5

      9af294b452c7e6d6b6698595fc25afa1

    • SHA1

      a353d76c5a509b87c3895ffa8b88fbd38d3c4d7c

    • SHA256

      e1763315e4a75661f19e324cac85ea4b1acbe6ffe2a2dc9441bd6fc2d89f3031

    • SHA512

      de4c752d87daf97cdbe639c7323a71941c9a9461d6f7b828f45ad0173442d99292b745a8d92a294ec73e6f2e8e3465bc849df33bfd036ab2a4c69cd30b712f49

    Score
    10/10
    rmsrattrojanpersistence

    • Modifies WinLogon for persistence

      persistence

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

      trojanratrms

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks