General

  • Target: gootloader-payload.js
  • Size: 245KB
  • Sample: 220923-rs27fsaeer
  • MD5: 3793a0bc98b744d1ad1a41cad211c08d
  • SHA1: 69d470c25bef8d7185263a8288114db3903979e5
  • SHA256: 58105e33f351cfa7bde0c3c4dda630379f0f71ddf8dc2a1ce63ea194607f3551
  • SHA512: e18b1f47db6efe21b78c81c05cb18ffbe73e3238a999858331be39a35f1548f975098ff81852f0637e9ee9170c43c0b0d8b63977d805717b7dc9333508a93b74
  • SSDEEP: 1536:WRml64QvRDKbimZOQyXjdBMWxXJUGkJPZF40nuOMdo4JpqU1vmROQxB/Nfr27NV5:ShPnluOo3xBX0iRSMzelxUtIATOCsd

Malware Config

Extracted

Family: icedid

Campaign: 2475032331

C2: zalikomanperis.com

Targets

    • Target: gootloader-payload.js

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks