Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    youdao.exe

  • Size

    149.7MB

  • Sample

    231125-n6e3asad58

  • MD5

    9ef442a14466a39c0572074fcce348dd

  • SHA1

    cfa1846cf9b13f166fffd67ad02d4b7e2a884ee3

  • SHA256

    c13b78ce599d4096fe6f1a02d603e782e7367e1511c993d9a19e8bc8a95311a5

  • SHA512

    5425887977db130c3ab2cba7e5829c55e77331b388f76acbd9f73467845ff9bb1fe6655d1e5b6cacb4f12b468aeedf5266dc27b027b7e2baf7a0ca1d14a50877

  • SSDEEP

    3145728:k63TD1pRKegKHA5jMNFyymEOsEvtd+MKqaXHFVhHMCJDe9:kwTBp0eMYFyyxOsEld+MKjXlYC5e9

Malware Config

Targets

    • Target

      youdao.exe

    • Size

      149.7MB

    • MD5

      9ef442a14466a39c0572074fcce348dd

    • SHA1

      cfa1846cf9b13f166fffd67ad02d4b7e2a884ee3

    • SHA256

      c13b78ce599d4096fe6f1a02d603e782e7367e1511c993d9a19e8bc8a95311a5

    • SHA512

      5425887977db130c3ab2cba7e5829c55e77331b388f76acbd9f73467845ff9bb1fe6655d1e5b6cacb4f12b468aeedf5266dc27b027b7e2baf7a0ca1d14a50877

    • SSDEEP

      3145728:k63TD1pRKegKHA5jMNFyymEOsEvtd+MKqaXHFVhHMCJDe9:kwTBp0eMYFyyxOsEld+MKjXlYC5e9

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks