Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
AORadar.exe
-
Size
160.2MB
-
Sample
231127-3nca1sdf88
-
MD5
1c215a165d45d35272eca8f292749c69
-
SHA1
c1a80f3bcd8720a62fc67112415143b97a85cf3f
-
SHA256
755a968e0c4c2b7a75b6cd4505b18306288387fd75a8bab2a7ea5d699042f1b9
-
SHA512
bf396704475ed6d84d0bee282b61ca281aac16450a1fbdec5518c4163f6a776b0b256180c146091e7d9dd384bb34a3ae6a19fbbe1ca0e1b8d64e3e95c19f92e7
-
SSDEEP
3145728:pkqcdGhXzwB2sipil3nDkGwazl83Q5NKlX0MXIES0y9zX7:GWu7icl34bazAQTm0MYsydL
Malware Config
Targets
-
-
Target
AORadar.exe
-
Size
160.2MB
-
MD5
1c215a165d45d35272eca8f292749c69
-
SHA1
c1a80f3bcd8720a62fc67112415143b97a85cf3f
-
SHA256
755a968e0c4c2b7a75b6cd4505b18306288387fd75a8bab2a7ea5d699042f1b9
-
SHA512
bf396704475ed6d84d0bee282b61ca281aac16450a1fbdec5518c4163f6a776b0b256180c146091e7d9dd384bb34a3ae6a19fbbe1ca0e1b8d64e3e95c19f92e7
-
SSDEEP
3145728:pkqcdGhXzwB2sipil3nDkGwazl83Q5NKlX0MXIES0y9zX7:GWu7icl34bazAQTm0MYsydL
Score7/10-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1