General

  • Target

    2023-07-18-17.zip

  • Size

    24.0MB

  • Sample

    230718-wx9vbada56

  • MD5

    80f7839e91f9d8ff5cfc12c9a6b05405

  • SHA1

    f5f9f8a12e6978f59e999e99087bf5eb1290c32a

  • SHA256

    46cd40aeaaa2e36bd207cc50e3d8b54f064592f5413461e5cf44371fae5fab57

  • SHA512

    be11c110a591902a291e34adc743f548cbf479a6c1a9592de9e06f6d648e1a68edb8146b9892131088dbb77a76c163c794a261e3bd574540142c3d0e65956a9b

  • SSDEEP

    393216:r0MjGekjlsKUsN1qLmW6dnQNPE7ytRgf0bP6OLc09hAyDBnBXQIJyI601AsJYamj:rbjGekjlHW6mFEQbP6grhF9hQIJ562A1

Targets

    • Target

      94a154e17819374c909d1e081a6032cf26b622f916ee6a59f8d8ddce9b50f901.apk

    • Size

      17.7MB

    • MD5

      a272f470bcd451a90d37870b4f55235d

    • SHA1

      64748535e6ec3cbe2b1e5c0c2c97eb768b65f6ce

    • SHA256

      94a154e17819374c909d1e081a6032cf26b622f916ee6a59f8d8ddce9b50f901

    • SHA512

      3c8c3cb5e00593a27e7902c9fddf3dea6c7b1608a8f4bd25cf3b77cc4cb99473fcf91b58b6437a932eb485d175621f082803119de83f4a461f6bc4e713f9fcaa

    • SSDEEP

      393216:4zkF7O4P49K6MnFw+wIGY7og1I99RGKl4JquaQ+pBXYbQe/hzvZlsbD:4YF7/PDKD3Y7Lc9RJqnUXYbJzvZlkD

    Score
    8/10
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Target

      23F3A6.png

    • Size

      3KB

    • MD5

      95468e24216d528935ec70529195952c

    • SHA1

      0c6c2e6c0fdba87983a6b2f04ad592995c869456

    • SHA256

      92ee288a0595f421c3ce1262934c4726cf40cb991ef109e183d314cce6782037

    • SHA512

      8cc8a8cee99bea309bc5bfe9a8f0972b32d9ed4808d38b07d078e6253b1c5086db7bbb8f43592a9d3b2cba3a1d3d7959ab87ce5a434a13db179a2be1b1b792f1

    Score
    5/10
    • Drops file in System32 directory

    • Target

      a4428ea2a84c197502595fa85062995ea128355f66d695b76c8911bd6c519bef.exe

    • Size

      1.6MB

    • MD5

      cec434e1b94beae9dbbf0eb371e78f4a

    • SHA1

      e318e77b036852ef9f4780b07e33e075635b93a5

    • SHA256

      a4428ea2a84c197502595fa85062995ea128355f66d695b76c8911bd6c519bef

    • SHA512

      d3e4a9c0e529ab48893d877b19d9a3c6b59bb5b68c1cb2063a510632fc1895ce1e7a0f0c33737361de6de0adea611b000496c3328034d942cae948ead5f8981d

    • SSDEEP

      24576:WiIy60hvWIUiQjUo7zRb+YSqs18b6H9vOWQx1WvxE1ENo0fbSSvC4PnUue6VIsma:mb1x459mWwwvxEKoyvCWUuexH7PCWc

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      eb8458671e178c0159ba0bc3936739d6c0d573df00040d6bcc4ee699302a3895.elf

    • Size

      40KB

    • MD5

      b8a4b3dcd75560545ba5d4e715c51aa8

    • SHA1

      f15c1f4bca2d38d1f9b66f435f86535e09d4533c

    • SHA256

      eb8458671e178c0159ba0bc3936739d6c0d573df00040d6bcc4ee699302a3895

    • SHA512

      ca07219e86673223327e86bea9936592181d8cadc07a05edbc2c2942fcc9457e68a9f0f376e527c5cabb5e32c71788aac80a274961dd019dd0f30310146790b2

    • SSDEEP

      768:Ds78B2CB/QrAlUgHAHctUmMQMsnNASsxVOjxw0kAtc/lqTBxV:DG8cQ/iAlUgHAHcODKNraOFzjtMsTB

    Score
    1/10
    • Target

      f26ed5601a8a2d5abfa4a527b468a18023311e32338dfabff987159d37df3981.msi

    • Size

      5.6MB

    • MD5

      923bf10d5634dfd211b14583c3781cf9

    • SHA1

      b5f9b41676cce66adfd7e37012301f054effd7c9

    • SHA256

      f26ed5601a8a2d5abfa4a527b468a18023311e32338dfabff987159d37df3981

    • SHA512

      caa746f70774129f9bda462579a019466785bb06b8c6ac29cf7ab8bb2f89b6608b401331bd8d26b6495198935518175572402278f395adfb403eb87307980b55

    • SSDEEP

      98304:fiWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQD:fiWMyLOiv4GRemc6zEVtBt7Q65qqXxQV

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.