General

  • Target

    229122912291.js

  • Size

    3KB

  • Sample

    230829-j81dssba54

  • MD5

    0632bc0a930491c5232dafbb3d4d2bf8

  • SHA1

    de9c86da5b0a3961baef803c483b7815957d429b

  • SHA256

    7e630371fe8015da34a33370dafc9da2bae45531a4376fd5053a45d8193b4c15

  • SHA512

    b5d84a0ff5ad63337e7e8cefea56403cd77f8243a2c4ef28a0f5b702eb180e40ec4b5a5cfaffd230394e413b620e343629c0e104c8b7c4185a687ebe8eb3b23d

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper: http://instalfrio.cl/destination.txt

    exe.dropper: http://instalfrio.cl/destination.txt

Targets

    • Target

      229122912291.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
