General

  • Target

    6bda5cd4ccf9dba7993a9a10c5f607a2a6cdca3f5d91c6a7017e117ef10cdcba

  • Size

    3.2MB

  • Sample

    231114-xyrkssfa74

  • MD5

    0743446261cd62ae7d2045f0afe83720

  • SHA1

    445af0099c6c494da6d901fd5d0ef11d5a9d2fdd

  • SHA256

    6bda5cd4ccf9dba7993a9a10c5f607a2a6cdca3f5d91c6a7017e117ef10cdcba

  • SHA512

    b790d765eb5257302854ec3d1be5a5c6080d550a8a0c3980cdf96a18b1496b6512e191b212b73bd318d009b25bb8032ee4bbe1f0bf47560c48b61971c56a52d2

  • SSDEEP

    6144:n3ue8ySm8hQAAIfFrRXuEE+0l97mKwKUoqHVbV86JQPDHDdx/Qtqa:V/zkFF+EExZmKbUouV5PJQPDHvd

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
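The behaviours above map to a handful of registry locations and one directory that a responder can audit on a suspect host. The following PowerShell script is an added example, not code from tria.ge or from this report, and it does not know which values this sample actually wrote: it reads the documented Windows locations behind each signature (Winlogon Shell/Userinit, the policy and normal Run keys, DisableRegistryTools, EnableLUA, Geo\Nation) and lists recently written, unsigned PE files in System32. The Winlogon baseline values and the 7-day window are assumptions, as is the choice of which values to flag as SUSPICIOUS.

```powershell
# Added triage script. Not code from tria.ge or from this report; it audits the
# host locations behind the signatures listed above. Registry paths are the
# documented Windows locations. Assumptions: the Winlogon baseline values are
# those of a stock x64 install, and 7 days is an arbitrary "recent" window.
# Run elevated; HKCU: checks cover only the user running the script.

$WinlogonBaseline = @{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}

# One entry per signature: which keys to read and which value names to report.
# '*' means "every value under the key" (used for the Run keys).
$RegistryChecks = @(
    @{ Signature = 'Modifies WinLogon for persistence'
       Paths     = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
       Names     = @('Shell', 'Userinit') }
    @{ Signature = 'Adds policy Run key to start application'
       Paths     = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run')
       Names     = @('*') }
    @{ Signature = 'Adds Run key to start application'
       Paths     = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
       Names     = @('*') }
    @{ Signature = 'Disables RegEdit via registry modification'
       Paths     = @('HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
                     'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System')
       Names     = @('DisableRegistryTools') }
    @{ Signature = 'Checks whether UAC is enabled'
       Paths     = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System')
       Names     = @('EnableLUA', 'ConsentPromptBehaviorAdmin') }
    @{ Signature = 'Checks computer location settings'
       Paths     = @('HKCU:\Control Panel\International\Geo')
       Names     = @('Nation') }
)

function Get-PersistenceAudit {
    foreach ($check in $RegistryChecks) {
        foreach ($path in $check.Paths) {
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }
            $names = if ($check.Names -contains '*') {
                # Drop the PSPath/PSParentPath/... metadata Get-ItemProperty adds.
                $props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' }
            } else { $check.Names }
            foreach ($name in $names) {
                $value = $props.$name
                if ($null -eq $value) { continue }
                $status = 'review'
                if ($check.Signature -like 'Modifies WinLogon*') {
                    # Anything but the stock Shell/Userinit value is a persistence hook.
                    $status = if ($value -eq $WinlogonBaseline[$name]) { 'baseline' } else { 'SUSPICIOUS' }
                } elseif ($name -eq 'DisableRegistryTools' -and [int]$value -ne 0) {
                    $status = 'SUSPICIOUS'   # regedit blocked for this user
                } elseif ($name -eq 'EnableLUA' -and [int]$value -eq 0) {
                    $status = 'SUSPICIOUS'   # UAC switched off
                }
                [PSCustomObject]@{
                    Signature = $check.Signature; Path = $path
                    Name = $name; Value = $value; Status = $status
                }
            }
        }
    }
}

function Get-RecentUnsignedSystem32 {
    param([int]$Days = 7)   # assumption: a week is "recent"
    $since = (Get-Date).AddDays(-$Days)
    # Top level of System32 only; a dropped payload is usually unsigned.
    Get-ChildItem -Path "$env:SystemRoot\System32\*" -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [PSCustomObject]@{
                    Signature = 'Drops file in System32 directory'; Path = $_.DirectoryName
                    Name = $_.Name; Value = $sig.Status; Status = 'review'
                }
            }
        }
}

Get-PersistenceAudit          | Format-Table -AutoSize
Get-RecentUnsignedSystem32    | Format-Table -AutoSize
```

Rows marked `review` (Run-key entries, ConsentPromptBehaviorAdmin, the Geo\Nation value) need a human to judge against the machine's expected state; the script only flags the two cases where a value is unambiguously wrong for a healthy host. Catalog-signed Microsoft files can report `NotSigned` on older systems, so treat the System32 list as candidates, not verdicts. The external-IP lookup in the signature list leaves no registry trace and is better hunted in proxy or DNS logs.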

MITRE ATT&CK Enterprise v15

Tasks