Resubmissions

  • 03/11/2022, 21:07: 221103-zyn6safbg6 (score 10)
  • 03/11/2022, 21:01: 221103-ztzfyshccm (score 10)
  • 03/11/2022, 15:09: 221103-sjnhdabfg4 (score 10)

General

  • Target: 8280932809.zip
  • Size: 168KB
  • Sample: 221103-sjnhdabfg4
  • MD5: 609e0025a34515d53fc5321f7ab54e71
  • SHA1: 6188bc7fed87c33e51f678560472869b64d1165e
  • SHA256: 0a712277286bdb83dee39bd389e1ad65e079bdb53b9255fa4b26283b30c9da72
  • SHA512: e0cd9e11c8bd5928684f480869325c1ca69356598984ac6e7430faf7ecc0008f2339fec229a78a40215f708025d6560a9132f71e8276d04e7dd33c2092ba9900
  • SSDEEP: 3072:CUmLeFoCdtaHXhPF71tCKNc6iBVRXkZ9IuImo8bpU6j5Vkw3+BFUchg:CUmLANIh977/NIy9PImoKVNicchg

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
      https://audioselec.com/about/dDw5ggtyMojggTqhc/
      https://geringer-muehle.de/wp-admin/G/
      http://intolove.co.uk/wp-admin/FbGhiWtrEzrQ/
      http://isc.net.ua/themes/3rU/

Targets

  • Target: ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
  • Size: 216KB
  • MD5: 2486374800299563ab8934122234242a
  • SHA1: 47bfe94aa96ef43231890f04ccd286b0888e10c8
  • SHA256: ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
  • SHA512: 74e52e1e1317908447340cbba32949321ed435f17a524224af80236ecdf67187c83908cca514e82a49b9abe9495125ba741e01ed8f30663124c13fce339c63e5
  • SSDEEP: 6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgAyY+TAQXTHGUMEyP5p6f5jQmK:GbGUMVWlbK

Signatures

  • Emotet: Emotet is a trojan that is primarily spread through spam emails.
  • Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
  • Downloads MZ/PE file
  • Loads dropped DLL
  • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks