General

  • Target

    AORadar.exe

  • Size

    160.2MB

  • Sample

    231127-3nca1sdf88

  • MD5

    1c215a165d45d35272eca8f292749c69

  • SHA1

    c1a80f3bcd8720a62fc67112415143b97a85cf3f

  • SHA256

    755a968e0c4c2b7a75b6cd4505b18306288387fd75a8bab2a7ea5d699042f1b9

  • SHA512

    bf396704475ed6d84d0bee282b61ca281aac16450a1fbdec5518c4163f6a776b0b256180c146091e7d9dd384bb34a3ae6a19fbbe1ca0e1b8d64e3e95c19f92e7

  • SSDEEP

    3145728:pkqcdGhXzwB2sipil3nDkGwazl83Q5NKlX0MXIES0y9zX7:GWu7icl34bazAQTm0MYsydL

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks