General

  • Target

    139613961396.js

  • Size

    3KB

  • Sample

    230829-j54xtaah97

  • MD5

    7888817de0e288f6ce7ab1c794dfbf58

  • SHA1

    a9c9286b4e18e211b020076da3f1304c909cc1a6

  • SHA256

    b20cae48e98bb3cd42241b104a8a99326e462c64c4d46ec96075dcf77460a7f1

  • SHA512

    8417cd4074718c3e56e0261d8fd9c2b33f135262be2acb57966e5dcc41ec36921019c3d40e9df40f25d2f9a41276bd436487cb629b7fab6e5102370330e8c2d2

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper: http://instalfrio.cl/destination.txt

    exe.dropper: http://instalfrio.cl/destination.txt

Targets

    • Target

      139613961396.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
