General

  • Target: Monoxid Opener.zip
  • Size: 21.0MB
  • Sample: 230612-s9ecdsch76
  • MD5: bf86a58bfa4d5932e4b4fcf5f1b72b51
  • SHA1: db3dc8ad33afa3b15f02c37418e1c3a24873f8e0
  • SHA256: a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00
  • SHA512: 2e2ad8fc81b76745612b24a59fe7d15fbeb3807c8dd6747e1491158b8585495967ca502fc740807ee83939ad1bc4d0d47e03c358a64a63780545490a56508a24
  • SSDEEP: 393216:AO3Y0AuF6rAad/pg0Ms8kS9L7X/7T1NpH5iWuNYS:73Y0AVrAG/p5z8kSN7X/H1TCYS

Malware Config

Targets

    • Target: Monoxid Opener.zip
    • Size: 21.0MB
    • MD5: bf86a58bfa4d5932e4b4fcf5f1b72b51
    • SHA1: db3dc8ad33afa3b15f02c37418e1c3a24873f8e0
    • SHA256: a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00
    • SHA512: 2e2ad8fc81b76745612b24a59fe7d15fbeb3807c8dd6747e1491158b8585495967ca502fc740807ee83939ad1bc4d0d47e03c358a64a63780545490a56508a24
    • SSDEEP: 393216:AO3Y0AuF6rAad/pg0Ms8kS9L7X/7T1NpH5iWuNYS:73Y0AVrAG/p5z8kSN7X/H1TCYS

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: Monoxid Opener/dll/1.exe
    • Size: 21.1MB
    • MD5: 0e65eff87b40db06b3e06c016eabc657
    • SHA1: 511ece10ecaf6d0db4698e3bc1ce2b008992e850
    • SHA256: e7914996cb1ac6423741454ef5f181224eebf60295299e444645f858f25ce99a
    • SHA512: 77fdb0287be54c46f27f3e47884b9aa3e7f1901f96b7716eb837894582e3fe6ff2be03edc5e3278903bad0e7f6ddb60c1faf39374457f08f2581425813cb5761
    • SSDEEP: 393216:s7YC+pwszf490yDfDYQ9MpfaMPg5RdsE892zd0zdT5:qYC+Wszfm0ybUQ9uf9Pg5zsEL+

    Score: 7/10
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: Monoxid Opener/dll/2.vbs
    • Size: 30B
    • MD5: 86346e22ef10075fb36762e2bc93ced3
    • SHA1: f32c1c45a5433dcf442704ca3c91aa4f7c24f81c
    • SHA256: f3d645c8517a995da9e573416788b4f45b6981e4b98bf4d8d461656c802f1381
    • SHA512: 740d5fca35ef422586a2325f2c3423a3c34409cc91481022c5085283b5370d92a4b77ea8b4c0ba2e4aeee12faf655f0d3475f704766cdde2334afe97ffd4b756

    Score: 1/10
    • Target: Monoxid Opener/dll/3.exe
    • Size: 305KB
    • MD5: 616861cfda9ddef5b3fff0090aaa45d8
    • SHA1: bc7faeb0be99fc397dd6d896fd0f9d58aa9e27c6
    • SHA256: de918f62f0d6acacfeea67992deae5787d5d23ffe0bbdf7f8486ff8fffc5742e
    • SHA512: 98daaec5c18eded91191b4f78a6749d95448db7ac35226b9e8385352302e821ee8492eac2a7b2bcd1cff89afd0d85770bfb2360e0943f50db3d765cbab9c7a22
    • SSDEEP: 6144:fqKyPmBLp8BMLm7+r9oN/lOi9E3AAqgm/:fqKWsAMLg/lOi9E3AAqz/

    Score: 1/10
    • Target: Monoxid Opener/main.vbs
    • Size: 49B
    • MD5: 3329c692994d4f3163c48974a50266a3
    • SHA1: ab6298e95b4d51cb2bbe1951a2a0d59586cf79c7
    • SHA256: 00ca4b7f716070b6b024a966eddb1ce786ac1ee1648528705b88e152ed12f7cc
    • SHA512: d986821f805602141192a0c6e61660977f2951078c118ced351fc37a6672047d96da8218dfd65cb77c3ccf7043f5d611909e77946ad3d0090ddae1aefb8e05b3

    Score: 1/10
    • Target: Monoxid Opener/run.bat
    • Size: 38B
    • MD5: 1f9ee498d801c5e3d9d2e683e03dc204
    • SHA1: 9dca0c728f24126ddd8df5db429abe55c9b53794
    • SHA256: 4081aaa089b54aa3d86f0ea7935737171eedfe9691dead6213dac62f1273c499
    • SHA512: bd7600c5eee30b8f9229491aa75a473924c4828cd61f5c85ec0607e4bbbe5e47d0aecc05499789aad7a05e514d61edf3bb0a98900ccf445aa45ac6eca0fdce1a

    Score: 7/10
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
