General

  • Target

    NEAS.70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604_JC.exe

  • Size

    14.7MB

  • Sample

    231008-sn5bpade4s

  • MD5

    b8af4b75121ac6143f3ed94ac4e2948b

  • SHA1

    a9deac560df683bbd9fb76bae7d3421ce3c698c9

  • SHA256

    70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604

  • SHA512

    8fc27c927a62378e774ec33c64f48cf44c65b32bb7ebbd80844a9ffbae180b778d9a9fd7e12e88a415ee73a5e159da4c22da13caae7f96bebaf73f984d44c089

  • SSDEEP

    393216:2Ws9BysSToqOsg4lUBF2CWzrCDmV5ZNcm4RupHVoTf2TE7/QWhtOG:jsKroqOsg4lI1ZmURMpHctl

Targets

    • Target

      NEAS.70baf4d5b0d1364546db64b63a5c56c4774d31911f19a5f588fea8888d962604_JC.exe

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
