General

  • Target: cbac7a2c70e84b2c0c3d8ad5a984cd71e3020f0eab4359167d01633a4649a9cd
  • Size: 208KB
  • Sample: 221129-ee2ybace84
  • MD5: 7f34e60eb96d8c913ea178e801d8bfa5
  • SHA1: c1c93ae17420eeb682c2137eed7defd5660e1297
  • SHA256: cbac7a2c70e84b2c0c3d8ad5a984cd71e3020f0eab4359167d01633a4649a9cd
  • SHA512: 29c715f94da598ae3992c8c48327ae0f3bdb1329f642fa6648b465490f022f26a3dcdb07ebe4aeb32f33623c83f2fb154d2de23b818cdf33cb02ce3118b9d763
  • SSDEEP: 3072:VVHgCc4xGvbwcU9KQ2BBAHmaPxNVosb5E:ICc4xGxWKQ2Bonx

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.tripod.com
  • Port: 21
  • Username: onthelinux
  • Password: 741852abc

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.byethost12.com
  • Port: 21
  • Username: b12_8082975
  • Password: 951753zx

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks