General

  • Target

    sanderling.dat

  • Size

    209KB

  • Sample

    221025-j3qmeacaa6

  • MD5

    d902936120a6ead1482e56d42737f292

  • SHA1

    fa458e2ff62e2a1a2038981f7ab9d73236d47816

  • SHA256

    0759dbf38d0703e42fd755b195123cd891e84267c46fde76332e6d31da8d02b1

  • SHA512

    d2bbfcb3244b995d31956584e052e0bb9a1e03b7c57091a2e641561a3cea31c8b3963710ff8fe34e331842e66e7a94412561d8c44f5979f35f1a63dfc856115e

  • SSDEEP

    3072:/QCH0KDtVpkDi9bIUTAhtMjUeFIjf7E1CmsB:/nHL5VpKiKmwjf/

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    3447045697

  • C2

    nipsontaz.com

Targets

    • Target

      sanderling.dat

    • Size

      209KB

    • MD5

      d902936120a6ead1482e56d42737f292

    • SHA1

      fa458e2ff62e2a1a2038981f7ab9d73236d47816

    • SHA256

      0759dbf38d0703e42fd755b195123cd891e84267c46fde76332e6d31da8d02b1

    • SHA512

      d2bbfcb3244b995d31956584e052e0bb9a1e03b7c57091a2e641561a3cea31c8b3963710ff8fe34e331842e66e7a94412561d8c44f5979f35f1a63dfc856115e

    • SSDEEP

      3072:/QCH0KDtVpkDi9bIUTAhtMjUeFIjf7E1CmsB:/nHL5VpKiKmwjf/

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks