Resubmissions

30/10/2023, 23:19

231030-3ax1kafe2v 1

30/10/2023, 02:03

231030-cgtnlsac7y 10

General

  • Target

    sparkk.sparkk

  • Size

    1.0MB

  • Sample

    231030-cgtnlsac7y

  • MD5

    14c60d7c9ed65affcf0565ff94633a39

  • SHA1

    59b86277b79804fdefd7bfd68c63f9f3e44b2ad9

  • SHA256

    4fa8ab3763707bd8347f3a27faec2ac74f902af54b2074855eaf7410f9615874

  • SHA512

    bc4cd36959d714ffd1ca7a1668084117f8c0b053d0fb508f30675feb03730989fa1d63572a7fd2cfc76f99cf8d04329ee0bc8637dc9d1af3c4139400b46dad02

  • SSDEEP

    24576:8BysVM5qDErtZXREL9+9uohDNNNLIPNLI3NLIFNLIm:zqDytZh9uEZIPZI3ZIFZIm

Malware Config

Targets

    • Target

      sparkk.sparkk

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Drops file in System32 directory
