General

  • Target

    Tor_server.bat

  • Size

    13.3MB

  • Sample

    230411-1pf99aff56

  • MD5

    5b78770d26a9fd2865d946e15f6d3461

  • SHA1

    54f53ee915d14564c306d085ec7a13f605248cf1

  • SHA256

    4fa4c520361ee63e7d28a5a636bdd0cd20faf998d1561d38184904ea97e37e18

  • SHA512

    afa04485c331796f399865c9e01763979a9c52236f2e8726352685be88f05c1cdc46f40b1366832a119872a025247cde158373d52c98ba40099a61658bdd161a

  • SSDEEP

    49152:R8PZBvM7+OPeFknvKYEO5fkqB31m3Ei+vrojMj1YqmyljkjK5qGiuJ6hpTlNJkvM:i

Score
10/10

Malware Config

Targets

    • Target

      Tor_server.bat (13.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
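Three of the behaviour signatures above (the registry country-code lookup, the file drop into System32, and the execution of a dropped EXE) leave traces that can be re-derived from a Process Monitor trace of the same sample. The script below is an added example written for this page, not tria.ge's signature code and not output from this analysis: it parses a constructed Procmon CSV export (the process names, PIDs, paths and timestamps are placeholders, only the column layout is Procmon's) and flags the three behaviours per PID. The registry value it watches for, HKCU\Control Panel\International\Geo\Nation, holds the user's GEOID (244 is United States) and is what GetUserGeoID reads; Sysmon does not log registry reads, so a geofence lookup like this is only visible in Procmon or a registry ETW provider.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Process Monitor CSV export (placeholder rows invented for this
# example, not observations from the tria.ge run; the header matches Procmon's
# default "Save as CSV" output).
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01","cmd.exe","1300","Process Create","C:\\Windows\\System32\\reg.exe","SUCCESS","PID: 1310"
"12:00:02","reg.exe","1310","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"12:00:03","svchost.exe","900","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName","SUCCESS","Type: REG_SZ, Length: 24, Data: Windows 7"
"12:00:04","cmd.exe","1300","CreateFile","C:\\Windows\\System32\\dropped.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"12:00:05","cmd.exe","1300","WriteFile","C:\\Windows\\System32\\dropped.exe","SUCCESS","Offset: 0, Length: 65,536"
"12:00:06","cmd.exe","1300","Process Create","C:\\Windows\\System32\\dropped.exe","SUCCESS","PID: 1400"
"12:00:07","cmd.exe","1300","CreateFile","C:\\Users\\user\\AppData\\Local\\Temp\\notes.txt","SUCCESS","Desired Access: Generic Write"
"""

# Geo\Nation (GEOID) and Geo\Name (ISO country name) are the values a
# geofence check reads; both live under the user's International key.
GEO_VALUE_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

SIG_GEO = "Checks computer location settings"
SIG_SYS32 = "Drops file in System32 directory"
SIG_EXEC = "Executes dropped EXE"


def parse_procmon(csv_text):
    """Return Procmon CSV rows as dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def _is_write(ev):
    """True for WriteFile, or a CreateFile that requested write access."""
    if ev["Operation"] == "WriteFile":
        return True
    return ev["Operation"] == "CreateFile" and "Generic Write" in ev["Detail"]


def analyze(events):
    """Map PID -> set of (signature, evidence path) derived from the trace."""
    findings = defaultdict(set)
    written = {}  # lower-cased path of every executable written -> writer PID
    for ev in events:
        if ev["Result"] != "SUCCESS":
            continue  # failed operations are not evidence of the behaviour
        pid, op, path = ev["PID"], ev["Operation"], ev["Path"]

        if op == "RegQueryValue" and GEO_VALUE_RE.search(path):
            findings[pid].add((SIG_GEO, path))

        if _is_write(ev) and path.lower().endswith(EXEC_EXT):
            written[path.lower()] = pid
            if SYSTEM32_RE.match(path):
                findings[pid].add((SIG_SYS32, path))

        # A process launched from a path some tracked process wrote earlier
        # is the "executes dropped EXE" pattern.
        if op == "Process Create" and path.lower() in written:
            findings[pid].add((SIG_EXEC, path))
    return dict(findings)


def report(findings):
    """Render findings as one 'PID  signature  evidence' line each."""
    lines = []
    for pid in sorted(findings, key=int):
        for sig, path in sorted(findings[pid]):
            lines.append(f"{pid}\t{sig}\t{path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyze(parse_procmon(SAMPLE_PROCMON_CSV))))
```

On a real trace, export from Procmon with a filter on the sample's process tree first; the System32 check deliberately ignores non-executable writes (the Temp\notes.txt row is skipped), and reads of Geo\Nation by unrelated system processes are still reported because the PID, not the image name, is the unit of attribution, so correlate against the process tree before treating a hit as the sample's behaviour.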

MITRE ATT&CK Enterprise v6

Tasks