General

  • Target

    00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243

  • Size

    1.0MB

  • Sample

    221021-efjs5aahap

  • MD5

    1742b7dfca7d2d1d3f160f39d8e58524

  • SHA1

    474192523d4c547f1f2f18092c92034c195360ea

  • SHA256

    00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243

  • SHA512

    85729a97e3cce1e88a86e5df3a92e85b54fbb761dedb8ec1c79d5a7fd2b39e33311203e941c7877465a2f96b5703e014bd778d15ba1a379695302c33172e2dd0

  • SSDEEP

    24576:mw3dpJlpvCPe9Mgr6fL6BoIlmXh7tXj/RiSK9:mCD1qgr6WiIgX9R9HC

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.drivehq.com
  • Port:
    21
  • Username:
    donatchange10
  • Password:
    qazwsx741

Targets

    • Target

      00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243

    • Size

      1.0MB

    • MD5

      1742b7dfca7d2d1d3f160f39d8e58524

    • SHA1

      474192523d4c547f1f2f18092c92034c195360ea

    • SHA256

      00cc98ce7f33a796f773a3ba7940099164135fe1d0921bf6507d0a5f46290243

    • SHA512

      85729a97e3cce1e88a86e5df3a92e85b54fbb761dedb8ec1c79d5a7fd2b39e33311203e941c7877465a2f96b5703e014bd778d15ba1a379695302c33172e2dd0

    • SSDEEP

      24576:mw3dpJlpvCPe9Mgr6fL6BoIlmXh7tXj/RiSK9:mCD1qgr6WiIgX9R9HC

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks