Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Server.exe
-
Size
43KB
-
Sample
231210-wzgxbahffj
-
MD5
62e768f23a7ab49b2e263275f1ec3d32
-
SHA1
79abc6204488b22e4beb5dddab6c84a2c7afc372
-
SHA256
e167373801728d455bbf3243b7c576f2fc05192dc9d5c0b91dc840100da59ad6
-
SHA512
9622be1c1efe683372aa0758c0bf41a64494e540b82684b230edda038a2ed5b10c02f4269c86e1f699369dd0440d6a97829a0b16fa1a8365e58d84d848a02e0d
-
SSDEEP
768:jSXTp8yN83MSaCA/Cr+9WTO2CK58196HsjHvCqvtq1YLsL1/x0NVbK7z/8HCCjP9:0RWfQYklW1p0DHCCrk
Malware Config
Targets
-
-
Target
Server.exe
-
Size
43KB
-
MD5
62e768f23a7ab49b2e263275f1ec3d32
-
SHA1
79abc6204488b22e4beb5dddab6c84a2c7afc372
-
SHA256
e167373801728d455bbf3243b7c576f2fc05192dc9d5c0b91dc840100da59ad6
-
SHA512
9622be1c1efe683372aa0758c0bf41a64494e540b82684b230edda038a2ed5b10c02f4269c86e1f699369dd0440d6a97829a0b16fa1a8365e58d84d848a02e0d
-
SSDEEP
768:jSXTp8yN83MSaCA/Cr+9WTO2CK58196HsjHvCqvtq1YLsL1/x0NVbK7z/8HCCjP9:0RWfQYklW1p0DHCCrk
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1