General

  • Target

    c9f79dd274af2011b1ce4469ca50dcfb59f2c1e81d98c846ed9ec5c704261e3d

  • Size

    1.2MB

  • Sample

    221125-pbwl8sfe98

  • MD5

    73d723c5dcf1d9e1565c126583222fdc

  • SHA1

    486f5060713a7b13877321dd27d461bbc23e7842

  • SHA256

    c9f79dd274af2011b1ce4469ca50dcfb59f2c1e81d98c846ed9ec5c704261e3d

  • SHA512

    f0954fc9b566aaea850596227ec0b37ea3697b687a65de257baa6ea6e983798d107cbc8918ecee46f4898292139071c75883ee748f0321d862c3aa8ae61a0112

  • SSDEEP

    24576:lSpVB0yfUz7MrrCwE3dYuuo5dz5zEuizJ2nuZgF2CpVkuG3J:l8duf5zMzAmgFjW

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
