General

  • Target

    762fc3fe535ca257bfd8ccefb63d7a2619ade93952cda4918d65eb37e115c0a4

  • Size

    875KB

  • Sample

    221006-g3keaaggdp

  • MD5

    42c344b80e9c977401aac6b86354a742

  • SHA1

    16991bf9130d3d6d00943f709c4d6b5c463636f4

  • SHA256

    762fc3fe535ca257bfd8ccefb63d7a2619ade93952cda4918d65eb37e115c0a4

  • SHA512

    dc9c665b031c011df8626c8c6f358b0adf80248cc8606b47373c44f2e508a3f61e30a1dc7b059aea77aa5c2e71da75adca2d6860ebf2fb26fcb2a337da0c51b5

  • SSDEEP

    6144:9lNvmYfeQDAYbtZLgpnvMGNxFGZRi1BkiihLuodNLj01Zf3Nr/G3FXe6hE8yafYR:DNfbAHn0G0G1yiwuo/gDfN70XeBAK5Y

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks