General

  • Target

    NEAS.3112138bd1a0e1c4d7ea58f9f475b2deb23129f788dc7097f73068a5309a2bf6_JC.exe

  • Size

    7.2MB

  • Sample

    231008-rrpjzafc36

  • MD5

    a1069ce00a5e9bc316d9f58760ff2c0e

  • SHA1

    3e8e327e46f751d3f319ed46d3c9869bfa97b71a

  • SHA256

    3112138bd1a0e1c4d7ea58f9f475b2deb23129f788dc7097f73068a5309a2bf6

  • SHA512

    4410087a96fbfa8202a05b48e59d554d538c16e786eec8abb61f9f63f94740494ee44db4b8294aa8ff2a3c9d57e9d2d68837b4dd3adcf83b0e21e77386e78a3a

  • SSDEEP

    196608:1DMJcDKlFBqcrx5ut7RK85Xs5XvyCMYpr/nGLtwN:BMODKlFBqwx5wXsBvyCpLGLtw

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks