Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
762fc3fe535ca257bfd8ccefb63d7a2619ade93952cda4918d65eb37e115c0a4
-
Size
875KB
-
Sample
221006-g3keaaggdp
-
MD5
42c344b80e9c977401aac6b86354a742
-
SHA1
16991bf9130d3d6d00943f709c4d6b5c463636f4
-
SHA256
762fc3fe535ca257bfd8ccefb63d7a2619ade93952cda4918d65eb37e115c0a4
-
SHA512
dc9c665b031c011df8626c8c6f358b0adf80248cc8606b47373c44f2e508a3f61e30a1dc7b059aea77aa5c2e71da75adca2d6860ebf2fb26fcb2a337da0c51b5
-
SSDEEP
6144:9lNvmYfeQDAYbtZLgpnvMGNxFGZRi1BkiihLuodNLj01Zf3Nr/G3FXe6hE8yafYR:DNfbAHn0G0G1yiwuo/gDfN70XeBAK5Y
Malware Config
Targets
-
-
Target
762fc3fe535ca257bfd8ccefb63d7a2619ade93952cda4918d65eb37e115c0a4
-
Size
875KB
-
MD5
42c344b80e9c977401aac6b86354a742
-
SHA1
16991bf9130d3d6d00943f709c4d6b5c463636f4
-
SHA256
762fc3fe535ca257bfd8ccefb63d7a2619ade93952cda4918d65eb37e115c0a4
-
SHA512
dc9c665b031c011df8626c8c6f358b0adf80248cc8606b47373c44f2e508a3f61e30a1dc7b059aea77aa5c2e71da75adca2d6860ebf2fb26fcb2a337da0c51b5
-
SSDEEP
6144:9lNvmYfeQDAYbtZLgpnvMGNxFGZRi1BkiihLuodNLj01Zf3Nr/G3FXe6hE8yafYR:DNfbAHn0G0G1yiwuo/gDfN70XeBAK5Y
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-