Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

1ddd402d2c...fc.exe

windows7-x64

10

1ddd402d2c...fc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ddd402d2c029651a343790c1b88975063c7ab0f8868f6fdedc339ffbd644afc

  • Size

    15.6MB

  • Sample

    231011-zw91gadc2t

  • MD5

    e698b8fcd1c1b0dd306bc6404b1deb04

  • SHA1

    217b025ce5eaa055e9ea9a76843646d46fbecb5e

  • SHA256

    1ddd402d2c029651a343790c1b88975063c7ab0f8868f6fdedc339ffbd644afc

  • SHA512

    b034ab2ae7e75f6403fb6fb83de36d527bdb8eff5f5ddf49a7f9c12f57f50d6f8a3aca9d3dee0ee3a5cb54b0358e382907f845108579f5a74a9d768b6a1ab6f0

  • SSDEEP

    393216:KVqEygoxHqYF9yqxQMC96ZEP0C3asURC/WE:KVqXUY7yq61V0xRQx

Score
10/10
blackmoonbankertrojanvmprotect

Malware Config

Targets

    • Target

      1ddd402d2c029651a343790c1b88975063c7ab0f8868f6fdedc339ffbd644afc

    • Size

      15.6MB

    • MD5

      e698b8fcd1c1b0dd306bc6404b1deb04

    • SHA1

      217b025ce5eaa055e9ea9a76843646d46fbecb5e

    • SHA256

      1ddd402d2c029651a343790c1b88975063c7ab0f8868f6fdedc339ffbd644afc

    • SHA512

      b034ab2ae7e75f6403fb6fb83de36d527bdb8eff5f5ddf49a7f9c12f57f50d6f8a3aca9d3dee0ee3a5cb54b0358e382907f845108579f5a74a9d768b6a1ab6f0

    • SSDEEP

      393216:KVqEygoxHqYF9yqxQMC96ZEP0C3asURC/WE:KVqXUY7yq61V0xRQx

    Score
    10/10
    blackmoonbankertrojanvmprotect

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

      trojanbankerblackmoon

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks