General

  • Target

    728728728.js

  • Size

    3KB

  • Sample

    230829-kjss4abd75

  • MD5

    ca95dfc6c50cd32027e64e4660047ac9

  • SHA1

    7158bd43db3cdb055923c8bea5271ba36b79c167

  • SHA256

    0127b82a035d7f33d4a14888cf28c2012451ca4f72d40b1cc60b5ab5d0d0a48c

  • SHA512

    31791407ec8a8e854c20c515b69f753deb432e2dfcbe8509fef8381cee6a9c3c5051d9e2137b57ebdd5ab4c9b68bb8422c6b52e7f4154de4323c41706ffc47b4

Malware Config

Extracted

  • Language

    ps1

  • URLs

    ps1.dropper: http://instalfrio.cl/destination.txt

    exe.dropper: http://instalfrio.cl/destination.txt

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
