Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    03eece0ed7f82e1c3837a689fed92310

  • Size

    150KB

  • Sample

    231219-2as6yafadm

  • MD5

    03eece0ed7f82e1c3837a689fed92310

  • SHA1

    cbc9ccfe037996e783195046572a14dd6da010d2

  • SHA256

    0e8edef1570f6580923358f110b48049402035b32e20b59895766d2727bbc961

  • SHA512

    7eec579f551fddcbe84345b002407047f0c9e1c12270b00af232caed3551eaa56cc4aaa892bc61a41536e7b7a1cf1675f4f361ea395c975ec5abc8d034d95768

  • SSDEEP

    3072:YfA8x4tQotpnpW4l5BLAgQkexp+5g9JUpjOhmN0sVhpzDkp0rN:OA7Ps4lDAgJI78t+mN0sVhpzDkp0rN

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:7547

Targets

    • Target

      03eece0ed7f82e1c3837a689fed92310

    • Size

      150KB

    • MD5

      03eece0ed7f82e1c3837a689fed92310

    • SHA1

      cbc9ccfe037996e783195046572a14dd6da010d2

    • SHA256

      0e8edef1570f6580923358f110b48049402035b32e20b59895766d2727bbc961

    • SHA512

      7eec579f551fddcbe84345b002407047f0c9e1c12270b00af232caed3551eaa56cc4aaa892bc61a41536e7b7a1cf1675f4f361ea395c975ec5abc8d034d95768

    • SSDEEP

      3072:YfA8x4tQotpnpW4l5BLAgQkexp+5g9JUpjOhmN0sVhpzDkp0rN:OA7Ps4lDAgJI78t+mN0sVhpzDkp0rN

    Score
    9/10
    • Contacts a large (9696) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks