General

  • Target

    465646564656.js

  • Size

    3KB

  • Sample

    230829-kfcbyabc28

  • MD5

    b2e9681d62da66752baf77d4a6fc148d

  • SHA1

    4b66cb9661a7a19e8a29035f1127497009bc86a8

  • SHA256

    9719b85d30cae85b2cb9c569b672f4cd5b29fd2fdff2aa152618625ab8069d2c

  • SHA512

    6b8304bf99d02cdf1aab2d7bf21690790b11c3764d4b9eef3bdba4b413a920e8bd3591960f3a69a925a7d7c60a8b5fbd22105e36f912c205677c2c76b9341268

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper: http://instalfrio.cl/destination.txt

    exe.dropper: http://instalfrio.cl/destination.txt

Targets

    • Target

      465646564656.js

    • Size

      3KB

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
