General

  • Target

    224622462246.js

  • Size

    3KB

  • Sample

    230829-j8z32aba46

  • MD5

    456ac7b8a1af03bada1d6e94e201fdca

  • SHA1

    51be2d76ff0275fd6a8689f4dba6a9ff03cbec27

  • SHA256

    85b741f34dbabcf8cc807ff1a2d063f8b5791fdc877d10a3698f86440a01d335

  • SHA512

    3c4e5cd558251b9a0905192db146943a7aa5d570b75c5e15d10d681a34e74d48d32221a0fb9a6ac834f3cc7e543fdaafa415a14256a3a8673825dcc2dba1e162

Malware Config

Extracted

  • Language

    ps1

  • URLs

    ps1.dropper: http://instalfrio.cl/destination.txt

    exe.dropper: http://instalfrio.cl/destination.txt

Targets

    • Target

      224622462246.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
