General

  • Target

    2121dff62b134d19fca570d5de76b0e09b6f48eb0600daeca7a51ce4f2ba9c5f

  • Size

    7.3MB

  • Sample

    231011-wswrwsdh9y

  • MD5

    2274f5ddcf0124b5a123a163f0a5217a

  • SHA1

    91439e901de05d3ef392cae755e04376722d7122

  • SHA256

    2121dff62b134d19fca570d5de76b0e09b6f48eb0600daeca7a51ce4f2ba9c5f

  • SHA512

    514129a2000932593d62db677e04c1989dab41c47536f5f6964d09a3d8706cd8abefcbc3ccfeeeb3af5019daab39e74f059d669a890bf4242cb4fc9de2fbfc53

  • SSDEEP

    196608:60XL4uLmMzeXX6s7uze9DUL25cQYlIf9UOt+:6G4LMzeXqsr9HOLaf2Ot+

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks