General

  • Target: 76447fec55fa1a5623e0274605e4134184425fdf99c01b7003ff0b3aa6eccdf2.zip
  • Size: 2.1MB
  • Sample: 220919-y51bysgaf4
  • MD5: bebacb9c90c3da60cccf24b3887d498c
  • SHA1: 7bd77a629ef2292cfc15dcb4f7adca04d0a12422
  • SHA256: dc33e7949c947d213db7a8c1cb9217793544dfebebba77ccda1f8fdacf422327
  • SHA512: 38b970336849bdaca2598472e4da1f5ca6e4b44bb633fd849e58193ce320f28f40923d6ddd1f109caf69281ec1e5c9f78677e89b856926fe313de07d587a95f2
  • SSDEEP: 49152:YWkRPIG5GNH5wO/TOvjpxNVbbCBaX/B6zg/dJ:XSt58WAOvRV6EXp68lJ

Malware Config

Extracted

  • Family: icedid
  • Campaign: 3281798692
  • C2: kolinandod.com

Targets

    • Target: 76447fec55fa1a5623e0274605e4134184425fdf99c01b7003ff0b3aa6eccdf2
    • Size: 2.1MB
    • MD5: 3325bd0f3dace44f9eac6d8a47b6b0e1
    • SHA1: a3ab8a9783a6ad34d165f928c4603f59b529863c
    • SHA256: 76447fec55fa1a5623e0274605e4134184425fdf99c01b7003ff0b3aa6eccdf2
    • SHA512: 1fc1a826bda4f2fa50fcb4cb14584feec21b30d5942de53b9d04f8a668fb826cd752b3220386fda75c674393ee1f8b78d3611b9d4b6230e6f7419a838a60621d
    • SSDEEP: 49152:CGMZCMYhgl5R/4NurkXDYqM/JDK6M3fKgDaJx:vMZCMYh0DHkX8hDK9igDo

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks