General

  • Target

    e395674bd3eb6188f19eb0f0096614206d53b497e31505eec88c01a3c36b39c9

  • Size

    956KB

  • Sample

    221205-jdn3aaha79

  • MD5

    91e26fcd287123ed5f93bb043a90f7b9

  • SHA1

    943e3c924803575b44e744346a8838f7e36a5d01

  • SHA256

    e395674bd3eb6188f19eb0f0096614206d53b497e31505eec88c01a3c36b39c9

  • SHA512

    31f39ed1363d4877c0ae53a6e5eb4d469e6f005171d2fd456af83012a975e5718707ac2abfffb55d2b829dccfd00dceeb0cfa93bc1b276d34ae68d384a6a77a6

  • SSDEEP

    12288:3GdJmDSu3lBI4KMWhT8txw8HG4xX7/oQ0BONx35ApaGrJ5E6iWIrrT+BBgUs:3GdOnBkZqa8xXcYb5AEuj5IrI6v

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
