Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Monoxid Opener.zip
-
Size
21.0MB
-
Sample
230612-s9ecdsch76
-
MD5
bf86a58bfa4d5932e4b4fcf5f1b72b51
-
SHA1
db3dc8ad33afa3b15f02c37418e1c3a24873f8e0
-
SHA256
a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00
-
SHA512
2e2ad8fc81b76745612b24a59fe7d15fbeb3807c8dd6747e1491158b8585495967ca502fc740807ee83939ad1bc4d0d47e03c358a64a63780545490a56508a24
-
SSDEEP
393216:AO3Y0AuF6rAad/pg0Ms8kS9L7X/7T1NpH5iWuNYS:73Y0AVrAG/p5z8kSN7X/H1TCYS
Malware Config
Targets
-
-
Target
Monoxid Opener.zip
-
Size
21.0MB
-
MD5
bf86a58bfa4d5932e4b4fcf5f1b72b51
-
SHA1
db3dc8ad33afa3b15f02c37418e1c3a24873f8e0
-
SHA256
a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00
-
SHA512
2e2ad8fc81b76745612b24a59fe7d15fbeb3807c8dd6747e1491158b8585495967ca502fc740807ee83939ad1bc4d0d47e03c358a64a63780545490a56508a24
-
SSDEEP
393216:AO3Y0AuF6rAad/pg0Ms8kS9L7X/7T1NpH5iWuNYS:73Y0AVrAG/p5z8kSN7X/H1TCYS
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Monoxid Opener/dll/1.exe
-
Size
21.1MB
-
MD5
0e65eff87b40db06b3e06c016eabc657
-
SHA1
511ece10ecaf6d0db4698e3bc1ce2b008992e850
-
SHA256
e7914996cb1ac6423741454ef5f181224eebf60295299e444645f858f25ce99a
-
SHA512
77fdb0287be54c46f27f3e47884b9aa3e7f1901f96b7716eb837894582e3fe6ff2be03edc5e3278903bad0e7f6ddb60c1faf39374457f08f2581425813cb5761
-
SSDEEP
393216:s7YC+pwszf490yDfDYQ9MpfaMPg5RdsE892zd0zdT5:qYC+Wszfm0ybUQ9uf9Pg5zsEL+
Score7/10-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Monoxid Opener/dll/2.vbs
-
Size
30B
-
MD5
86346e22ef10075fb36762e2bc93ced3
-
SHA1
f32c1c45a5433dcf442704ca3c91aa4f7c24f81c
-
SHA256
f3d645c8517a995da9e573416788b4f45b6981e4b98bf4d8d461656c802f1381
-
SHA512
740d5fca35ef422586a2325f2c3423a3c34409cc91481022c5085283b5370d92a4b77ea8b4c0ba2e4aeee12faf655f0d3475f704766cdde2334afe97ffd4b756
Score1/10 -
-
-
Target
Monoxid Opener/dll/3.exe
-
Size
305KB
-
MD5
616861cfda9ddef5b3fff0090aaa45d8
-
SHA1
bc7faeb0be99fc397dd6d896fd0f9d58aa9e27c6
-
SHA256
de918f62f0d6acacfeea67992deae5787d5d23ffe0bbdf7f8486ff8fffc5742e
-
SHA512
98daaec5c18eded91191b4f78a6749d95448db7ac35226b9e8385352302e821ee8492eac2a7b2bcd1cff89afd0d85770bfb2360e0943f50db3d765cbab9c7a22
-
SSDEEP
6144:fqKyPmBLp8BMLm7+r9oN/lOi9E3AAqgm/:fqKWsAMLg/lOi9E3AAqz/
Score1/10 -
-
-
Target
Monoxid Opener/main.vbs
-
Size
49B
-
MD5
3329c692994d4f3163c48974a50266a3
-
SHA1
ab6298e95b4d51cb2bbe1951a2a0d59586cf79c7
-
SHA256
00ca4b7f716070b6b024a966eddb1ce786ac1ee1648528705b88e152ed12f7cc
-
SHA512
d986821f805602141192a0c6e61660977f2951078c118ced351fc37a6672047d96da8218dfd65cb77c3ccf7043f5d611909e77946ad3d0090ddae1aefb8e05b3
Score1/10 -
-
-
Target
Monoxid Opener/run.bat
-
Size
38B
-
MD5
1f9ee498d801c5e3d9d2e683e03dc204
-
SHA1
9dca0c728f24126ddd8df5db429abe55c9b53794
-
SHA256
4081aaa089b54aa3d86f0ea7935737171eedfe9691dead6213dac62f1273c499
-
SHA512
bd7600c5eee30b8f9229491aa75a473924c4828cd61f5c85ec0607e4bbbe5e47d0aecc05499789aad7a05e514d61edf3bb0a98900ccf445aa45ac6eca0fdce1a
Score7/10-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-