General

  • Target

    riverrr.bat

  • Size

    5KB

  • Sample

    230919-dmzmgsee4v

  • MD5

    fc498e2bdba1e606ec3a8279694de87a

  • SHA1

    005a4e7517f8760b92bf92255224c3a51a9d5cf6

  • SHA256

    93e8750b3a7c51c0f588908f39d89e1e51650c475c9376ed3f71e7c9945ed00a

  • SHA512

    8b3dc61a95224129da7df6240cde12aa4dcf20fc0e37d277f1d92d152f537a751ee11eb4d8281335cb3eb728b4810d38c73914435167cd8e8f29d8e0139401be

  • SSDEEP

    96:OyPPks5E5hngSMz6p5dvxiaXa05CACvEMRu5CECvElCw2+c:tPPQrp5dvkaXa05CACvEMI5CECvEMw4

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://discord.com/api/webhooks/1152857858543718450/qR3bD0V-wMFzOw9cnKsF3KjME7YhDRXOkZep_Oy4ztLtCIN3pK5i3wdOMzSNp6Ry3Xvv

Targets

    • Target

      riverrr.bat

    Score
    10/10
    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2
