General

  • Target

    ba1bae585d31cc86d1ac1b36b6022ad97b6af45922c8edf609e0ce656090a5c5

  • Size

    2.6MB

  • Sample

    230904-rxkg7sgf5z

  • MD5

    1efe4082d5b71e8dbfb6f82f18174770

  • SHA1

    1deb9b094611a1ce8d674de8fd084f75fddd7442

  • SHA256

    ba1bae585d31cc86d1ac1b36b6022ad97b6af45922c8edf609e0ce656090a5c5

  • SHA512

    0ecf85655ddecb499c8e560fbc362199ac1e81c5960e966fb7b30ce6b54f5434d5c1188e20bf761254500b62639747c001f9169f8ac30fb956e9b46c2993485b

  • SSDEEP

    49152:ueFQHevutBDJbCBW6YmSPeZwB0Vd1KscNL218oNdHHt6ZMczoOUTw9UwU/I+eLRh:uee+vutFBCBW6tZwBu1KsiL218edn0+Z

Malware Config

Targets

    • Target

      ba1bae585d31cc86d1ac1b36b6022ad97b6af45922c8edf609e0ce656090a5c5

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks