General

  • Target: 196155f5683076612302454a3c5923a7d45a955d421a4d3044d2cd972d350063
  • Size: 192KB
  • Sample: 221207-edscgsfb5x
  • MD5: c6b6ada4af2228bb4efd739c15fff10e
  • SHA1: 8465461533b24cb90f25b72b17371c37a3095e10
  • SHA256: 196155f5683076612302454a3c5923a7d45a955d421a4d3044d2cd972d350063
  • SHA512: 4d694056339b5eefdef5736931de1d812505a4ecf41bfbfadf3f2fedc3fa2378bfbfe08a9dcf4ec0d1b04e1659f556e63325efbcb105ec9cc7bd362ed23f257c
  • SSDEEP: 1536:vvVQb4cLIkN+4Weat2RKLjWlC48Pp9JAcjrSrowg:vvVQLIkLWeaA8KlCph9Growg
  • Score: 10/10

Malware Config

Extracted credentials

  • Protocol: ftp
  • Host: ftp.tripod.com
  • Port: 21
  • Username: onthelinux
  • Password: 741852abc

Targets

  • Target: 196155f5683076612302454a3c5923a7d45a955d421a4d3044d2cd972d350063 (hashes as listed under General)
  • Size: 192KB
  • Score: 10/10

  Signatures

    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks