General

  • Target

    Mercury.C.exe

  • Size

    1.0MB

  • Sample

    230610-ydal8agd5t

  • MD5

    f7b55502a71cef2d1e70d88aeeb63d73

  • SHA1

    bfd5a73a583a78464cb9f46d3799f6c9f47663ff

  • SHA256

    9eb6551959a913de98898302ec764841be357c0786038bdfa1c3d7f269d490a6

  • SHA512

    ec32ab1b6a7839af70cd6cf17e74158cefc0590e80ef9ae09df2cf50ae7837cb19c629b7d70a9901e5951b64e193ec1f08ba2d8ff47a90c76529bf7cb1bae6b8

  • SSDEEP

    24576:ByLw3WVoK5w/NyZtkzhnxAwUKm4MEoiE:uwW+KIWtk9nlUKm4MtiE

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
