General

  • Target

    f679337d58f6c263914e5bc75985240a29694e590d4d791322a652fcbd36140a

  • Size

    4.5MB

  • Sample

    221125-l2w4xach7x

  • MD5

    5029e522685735a64b2144d1bc055341

  • SHA1

    d18eabb20553c040cb3ec59a5973cf1e22cb044a

  • SHA256

    f679337d58f6c263914e5bc75985240a29694e590d4d791322a652fcbd36140a

  • SHA512

    9173b50738149ec003399465448dcfed27fc8478efa3c1ec862bdfe07a5ff16f2a380d31a6f71926cc3120d4cea028c6475d04244f5ef8717dbb91cae939fc1d

  • SSDEEP

    98304:eL3EGbtU6AMHA+dZ+voSBkG9rYtgRu6h9sx6KHm8XyTXhGG3:Sv4Mg+d4wEkuBp9sx6mmTFGG

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks