General

  • Target

    fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447

  • Size

    4.9MB

  • Sample

    221206-2gdd3adc2s

  • MD5

    e678ed6062a8be299d4db0a6f9813319

  • SHA1

    ecac051f6bfb0a071b08f7da6d8f256cca68d778

  • SHA256

    fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447

  • SHA512

    839b8e92d2b61b00a2c9fcb12ac4b066f9f46ec8dadcab763b409513f6c6a5539680a505ef5e2027f5c97238cfa686fa7c5b99ab21a5aa2d53af4a513eec9ff0

  • SSDEEP

    98304:OSr8VIN4BsICmhGObDshxWdIxiWx890YyXbZFPK+Tear7MJ3FBPEt:OSrNemYnDWxWYiW690YibHdea3A3vPEt

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    petrivanich.aiq.ru
  • Port:
    21
  • Username:
    u364825
  • Password:
    lu7l4mqm
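The extracted config above is the sample's FTP drop server. The following is an added hunting example, not part of the Triage report: it parses a Zeek ftp.log and flags sessions that log in with the extracted username or upload (STOR) to the server. Only the host, port and username come from the report; the log excerpt is constructed, and the address 203.0.113.10 is an assumed resolution of petrivanich.aiq.ru that you would take from dns.log in practice.

```python
"""Hunt a Zeek ftp.log for use of the FTP credentials extracted from this sample.

Added example, not part of the Triage report. The indicators (host, port,
username) are from the report's extracted config; the log excerpt is
constructed, and 203.0.113.10 is an assumed resolution of the IOC host.
"""
from dataclasses import dataclass

IOC_HOST = "petrivanich.aiq.ru"
IOC_PORT = 21
IOC_USER = "u364825"
# Assumed: what the IOC host resolved to in our DNS logs (check dns.log).
IOC_HOST_IPS = frozenset({"203.0.113.10"})

# Constructed Zeek ftp.log excerpt (TSV with a #fields header). Zeek records
# the password as <hidden> unless FTP::default_capture_password is enabled,
# so the username is the usable credential indicator.
SAMPLE_FTP_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tuser\t"
    "password\tcommand\targ\tmime_type\tfile_size\treply_code\treply_msg\n"
    "1670351000.1\tCabc1\t10.0.0.5\t49211\t203.0.113.10\t21\tu364825\t<hidden>\t"
    "STOR\tftp://203.0.113.10/logs/DESKTOP-1.txt\ttext/plain\t2048\t226\tTransfer complete\n"
    "1670351010.2\tCabc2\t10.0.0.7\t49333\t198.51.100.4\t21\tbackup\t<hidden>\t"
    "RETR\tftp://198.51.100.4/pub/readme.txt\ttext/plain\t120\t226\tTransfer complete\n"
    "1670351020.3\tCabc3\t10.0.0.5\t49215\t203.0.113.10\t21\tu364825\t<hidden>\t"
    "STOR\tftp://203.0.113.10/logs/DESKTOP-1.bin\tapplication/octet-stream\t65536\t226\tTransfer complete\n"
)


@dataclass
class Hit:
    uid: str
    orig_h: str
    resp_h: str
    command: str
    reasons: list


def parse_zeek_tsv(text: str) -> list:
    """Parse Zeek TSV output into dicts keyed by the #fields header."""
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header/footer lines (#separator, #close, ...)
        else:
            if fields is None:
                raise ValueError("data line before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def hunt_ftp_exfil(rows, ioc_user=IOC_USER, ioc_port=IOC_PORT,
                   ioc_host_ips=IOC_HOST_IPS) -> list:
    """Return one Hit per ftp.log row that touches the extracted drop server."""
    hits = []
    for r in rows:
        reasons = []
        if r.get("user") == ioc_user:
            reasons.append("FTP user matches credential extracted from sample")
        if r.get("id.resp_h") in ioc_host_ips and r.get("id.resp_p") == str(ioc_port):
            reasons.append(f"destination is {IOC_HOST}:{ioc_port}")
        if reasons and r.get("command") == "STOR":
            # STOR is an upload: with the attacker's credentials that is exfiltration.
            reasons.append("STOR upload to attacker-controlled server (exfiltration)")
        if reasons:
            hits.append(Hit(r["uid"], r["id.orig_h"], r["id.resp_h"], r["command"], reasons))
    return hits


if __name__ == "__main__":
    for hit in hunt_ftp_exfil(parse_zeek_tsv(SAMPLE_FTP_LOG)):
        print(f"{hit.uid} {hit.orig_h} -> {hit.resp_h} {hit.command}: " + "; ".join(hit.reasons))
```

Matching on the username as well as the destination matters: the drop host can be re-pointed at a new IP between analysis and hunting, while a reused FTP account is a stable indicator until the operator rotates it.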

Targets

    • Target

      fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447

    • Size

      4.9MB

    • MD5

      e678ed6062a8be299d4db0a6f9813319

    • SHA1

      ecac051f6bfb0a071b08f7da6d8f256cca68d778

    • SHA256

      fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447

    • SHA512

      839b8e92d2b61b00a2c9fcb12ac4b066f9f46ec8dadcab763b409513f6c6a5539680a505ef5e2027f5c97238cfa686fa7c5b99ab21a5aa2d53af4a513eec9ff0

    • SSDEEP

      98304:OSr8VIN4BsICmhGObDshxWdIxiWx890YyXbZFPK+Tear7MJ3FBPEt:OSrNemYnDWxWYiW690YibHdea3A3vPEt

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext
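The MBR-write signature above is the one that matters most for response: if the sample is a bootkit, reimaging the OS volume without rewriting the boot sector leaves the persistence in place. The following is an added example, not part of the Triage report, of how to verify a disk's MBR against a known-good baseline. The report only says the sample writes to the MBR, not what it writes, so both the "clean" and the "bootkit" boot code in the example are constructed stand-ins; on a live host you would read the first 512 bytes of \\.\PhysicalDrive0 (Windows, as administrator) or /dev/sda (Linux, as root) and pass them to check_mbr().

```python
"""Parse a 512-byte MBR and diff its boot code against a trusted baseline.

Added example, not from the Triage report. The report only states that the
sample writes to the MBR, not what it writes, so both the "clean" and the
"bootkit" boot code below are constructed stand-ins. On a live host you
would read the first 512 bytes of \\\\.\\PhysicalDrive0 (Windows, admin) or
/dev/sda (Linux, root) and pass them to check_mbr().
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439: bootstrap code, what a bootkit overwrites
DISK_SIG_OFF = 440      # 4-byte NT disk signature (then 2 reserved bytes)
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55 0xAA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrInfo:
    boot_code_sha256: str
    disk_signature: int
    partitions: list
    has_boot_signature: bool


def parse_mbr(mbr: bytes) -> MbrInfo:
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, type_id = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if type_id != 0:            # type 0 = empty slot
            partitions.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return MbrInfo(
        boot_code_sha256=hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        disk_signature=struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        partitions=partitions,
        has_boot_signature=mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
    )


def check_mbr(mbr: bytes, baseline: MbrInfo) -> list[str]:
    """Findings that indicate the MBR was tampered with since the baseline."""
    cur = parse_mbr(mbr)
    findings = []
    if not cur.has_boot_signature:
        findings.append("missing 0x55AA boot signature")
    if cur.boot_code_sha256 != baseline.boot_code_sha256:
        findings.append("boot code differs from baseline")
    if cur.disk_signature != baseline.disk_signature:
        findings.append("disk signature changed")
    if cur.partitions != baseline.partitions:
        findings.append("partition table changed")
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a constructed MBR (CHS fields left zero) for testing."""
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        buf[off] = 0x80 if p.bootable else 0x00
        buf[off + 4] = p.type_id
        struct.pack_into("<II", buf, off + 8, p.lba_start, p.sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(buf)


# Constructed stand-ins: neither is real Windows boot code nor real bootkit code.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 8)
BOOTKIT_BOOT_CODE = b"\xEB\x3E\x90" + b"\x00" * (BOOT_CODE_LEN - 3)
PARTS = [Partition(True, 0x07, 2048, 204800), Partition(False, 0x07, 206848, 20766720)]

BASELINE = parse_mbr(build_mbr(CLEAN_BOOT_CODE, 0x12345678, PARTS))
# A bootkit keeps the partition table intact so the machine still boots;
# only the boot-code hash catches the change.
INFECTED_MBR = build_mbr(BOOTKIT_BOOT_CODE, 0x12345678, PARTS)

if __name__ == "__main__":
    print(check_mbr(build_mbr(CLEAN_BOOT_CODE, 0x12345678, PARTS), BASELINE))
    print(check_mbr(INFECTED_MBR, BASELINE))
```

Take the baseline from a known-clean image of the same build, not from the suspect host. Comparing only the partition table is not enough, since a bootkit preserves it to keep the system bootable; the boot-code hash is the check that fires.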

MITRE ATT&CK Enterprise v6

Tasks