General

  • Target

    csr-bluetooth-4.0-driver.zip

  • Size

    407.4MB

  • Sample

    230512-r5n6csde34

  • MD5

    2c6a2908295c80fb516d802d373b8f76

  • SHA1

    e2df72e76a7e8f7b936a7c76ef4c6460e763d2ae

  • SHA256

    51d03aad9e9f8ef2282daa338adc42d8ad0ae2ef67c09bfe384170901c869c36

  • SHA512

    d73bb44eeca5958ddfed6768e863d4d7794735a60f11433b5efd8e485d80a5d2ad46152576654af696601e4ef3460cb630896f8ed015d8b1ef39099b5b559a4e

  • SSDEEP

    6291456:kErJCp7M6kYGrJzF1mDR4FFSMFJYokt1rXz+Du2bOxrjlp5TGi4h3D3H1hzBeO5A:k4opw5CREKtjSWl3CiQzf4I8

Score
8/10

Malware Config

Targets

    • Target

      Autorun.inf

    • Size

      57B

    • MD5

      73130d708da8f3af1c6ddaf642e945cd

    • SHA1

      1d3d93aecba8dbbe218b2108c82023af0a9926bd

    • SHA256

      c4ec195fbb0439ed338bb8d9925af50e49de1b29dcb72135df7f1800db3d195e

    • SHA512

      2e313dc001fe4c9dfcededef92ab3e1f2168f9c002ef8a0ec956aa01271bfd62fe26ef3f61aeeb05b31f774cb888c26cb0443a6fd344c8316b9337ebb2feb661

    Score
    1/10

    • Target

      Setup.bmp

    • Size

      777KB

    • MD5

      368f0a916240898cc18d8291643b454a

    • SHA1

      a7875dbf874e953e7b57e3818f924721d24bd4c9

    • SHA256

      1d6478f6da9de299e694bc76a460bfc143b8ceadf2ae1c2eab8531b48f431c06

    • SHA512

      6679a89a00def240c867252a6685ad57e0d05e5ea257dd311ad40e1ef51ee100f7d69836e2cfc6cf2fa69d43ed6a0f514e67298b9e0b3be3786d0130d40ef8c4

    • SSDEEP

      3072:iABE+Glkx2zJVwXWpeXjTo4k/gIWLbj/Z2kl/pYQO2APb2syir20X0nrSt/k+31f:bS+GCeVwEeny/bWHTZYQ225ir29OsLJo

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Setup.exe

    • Size

      92KB

    • MD5

      86475a2101208040be3dc425121c8ff8

    • SHA1

      e9130507efd90353ebbdbaa89d961426b522866c

    • SHA256

      15181942b137b8c6d5f7e7f6dd8df88ccfc12b6e059f158c43c6b4a98f548b93

    • SHA512

      a8fc80661d3707458a88001d6d7a5b33d28dbebe07244e86728f9b37a4f86f12e01192292d5444dca129fc39552fc82828b7102c659144d58264966562846c34

    • SSDEEP

      1536:hr3ml2LZmMp0mOZSIqixdOD0F/k/8PY9f:lmkLZwzaDu/k/8Ad

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Silent_Install.bat

    • Size

      49B

    • MD5

      d6baa7def6ceb42310d0acf8cd5afc25

    • SHA1

      e2df58afc62ce98ae50ab0c7b9341e4c92b82b3a

    • SHA256

      5d449b3d34a65240274b540601adcecfe59c0071177273fe8e72614291166166

    • SHA512

      19d2e4cb8dd473d1bf13673c2be0104409c99ef0daa1d77690af9ade1a9496bf2bf070fe9a61db03c8d387ed738e1e369abceca21080033b29dac62fbe9f214d

    Score
    8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      blutooth_on.ico

    • Size

      361KB

    • MD5

      b7ffda6bf1092ba87bf794b2b74a9e93

    • SHA1

      1729b8c58c755e1663cd994dd63d0d10bef8672d

    • SHA256

      f5063ff5a72b51638fba116503dc7af314fc02fd4e4fa95d22856e236d431be3

    • SHA512

      4ac6401876ffe64ad7cf652371de95dede570c313bd4f826bea428f7976b178ad0ace02c6653a436a79689cb2f7b79f077a2c4195758a1bd32664bc21eb6d3cc

    • SSDEEP

      384:8FzvxNz+i8CRKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK4:tIG

    Score
    3/10

    • Target

      setup.ini

    • Size

      302B

    • MD5

      44528114f80723e903616cf5fae86e45

    • SHA1

      394443a8236df40a8a4a8c5f632016d15b2af7c3

    • SHA256

      be5da73f36fb66e6854700176768ad3f83063c137237782b04f2d1f6513a1994

    • SHA512

      ee36b50a5ed7847aa2fbe705bc2bb9209d40319450d9c5623167f52a8d5b49014b6dad9437bb883f3b905c3362bad759c97ab4c4ff618779d3607b3e57d141c6

    Score
    1/10

    • Target

      x32/setup.exe

    • Size

      189.8MB

    • MD5

      da0bb7868fa68de62c1cfac34e8dd2bd

    • SHA1

      1f1496ea9f490161a1c2ee8839fdadb4a94b3725

    • SHA256

      539e20a7820d76833a884e46c180afe925eae26940860cf3be7706ace5419e88

    • SHA512

      708feba022827f0e3d5c7fc821dfd244ce75c35c95b8b7f140ca0ae5e07ef9af6a8e8c6f21e8169baae3e9ede4038f2300d4b482917111481236160be6e8737d

    • SSDEEP

      3145728:r0u49gTTDzlJOf/R1z67naI26pEftQOEUO9Qa5jlDD/lKJLomIP1xzE9I9tde7Kb:o+NJwbzgaIQO/lf/lKJLiNFEa9tcO8DS

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      x64/setup.exe

    • Size

      218.8MB

    • MD5

      cae7653e477e1bca78905f3ec9ab91e8

    • SHA1

      59c9180f83a6a2f7b7a0292d0392b3040b75e73f

    • SHA256

      188ac68766be38240fa9572209885a37f10aab5868c0d6661f59feadf35a4f09

    • SHA512

      1fc6bf604a2feaea90e6fb13f433b312bf8080065275a56afd5727ceb5e168663b080660048c8ba8c49bd6794e3c859cf3836c0a30e8cf73aad6598c5f763d55

    • SSDEEP

      3145728:K0nR2fs6Lt+8a1w8ihpPnZztqSI8mb90OlXt92wZvJ+KGtwlW9YM6Bgm/hag+:mfs6LUd1ghpNtqSwLhTZZhPprM6vz+

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks