Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6bda5cd4ccf9dba7993a9a10c5f607a2a6cdca3f5d91c6a7017e117ef10cdcba
-
Size
3.2MB
-
Sample
231114-xyrkssfa74
-
MD5
0743446261cd62ae7d2045f0afe83720
-
SHA1
445af0099c6c494da6d901fd5d0ef11d5a9d2fdd
-
SHA256
6bda5cd4ccf9dba7993a9a10c5f607a2a6cdca3f5d91c6a7017e117ef10cdcba
-
SHA512
b790d765eb5257302854ec3d1be5a5c6080d550a8a0c3980cdf96a18b1496b6512e191b212b73bd318d009b25bb8032ee4bbe1f0bf47560c48b61971c56a52d2
-
SSDEEP
6144:n3ue8ySm8hQAAIfFrRXuEE+0l97mKwKUoqHVbV86JQPDHDdx/Qtqa:V/zkFF+EExZmKbUouV5PJQPDHvd
Malware Config
Targets
-
-
Target
6bda5cd4ccf9dba7993a9a10c5f607a2a6cdca3f5d91c6a7017e117ef10cdcba
-
Size
3.2MB
-
MD5
0743446261cd62ae7d2045f0afe83720
-
SHA1
445af0099c6c494da6d901fd5d0ef11d5a9d2fdd
-
SHA256
6bda5cd4ccf9dba7993a9a10c5f607a2a6cdca3f5d91c6a7017e117ef10cdcba
-
SHA512
b790d765eb5257302854ec3d1be5a5c6080d550a8a0c3980cdf96a18b1496b6512e191b212b73bd318d009b25bb8032ee4bbe1f0bf47560c48b61971c56a52d2
-
SSDEEP
6144:n3ue8ySm8hQAAIfFrRXuEE+0l97mKwKUoqHVbV86JQPDHDdx/Qtqa:V/zkFF+EExZmKbUouV5PJQPDHvd
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1