General

  • Target

    UNILEVER PURCHASE ORDER #076863 for acknowledgement.pdf.jar

  • Size

    220KB

  • Sample

    230327-qlstrsdf27

  • MD5

    b63df0e1517233d0d5d60e5375b774b2

  • SHA1

    063aedab9fa8b4ef44dd8ca8f08e00496e21546a

  • SHA256

    0431faeccbeca99b242fe5d8464ad5fcc7a24a853df8424d9c49951911e4fdab

  • SHA512

    61bbef99c1ae4ffe32a89a0e8e2d586fc26c5fd9932b3a58f97ef99e7f18f968a67a6818f7160b0f74d140e2ca989f6d39845c906b9de8aab44430938afa17ce

  • SSDEEP

    6144:SZuvXdGeqfj20asN+YfalfNZCDtKJdtoe:YuvtfqfpxNhfQNMIbie

Targets

    • STRRAT

      STRRAT is a remote access tool that can steal credentials and log keystrokes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
