Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324

  • Size

    756KB

  • Sample

    231219-m71vqabdc9

  • MD5

    d7be2192fc7cb22db8a2acdbf4bbdafe

  • SHA1

    89d97962f8d193fcb91402574046304fbfe2e89f

  • SHA256

    bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324

  • SHA512

    e0da02125907eade276c6489af7bccfae29ab6d07a7936dc59d3fd041d723e2840a57197fea5ba11425c37f6fe0f36570610e13ce2d7ace7823955416de6d799

  • SSDEEP

    12288:FNpszYhvXWSVJdMae3mUJUTOMsa+0zNOabK3ghMZtc6NS+0Ulk287/k/MjuLle:7hvJVJdMa1+wOmK3gglSjUlkVzuLs

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

103.116.46.219:25566

218.89.171.148:55472

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

    • Target

      bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324

    • Size

      756KB

    • MD5

      d7be2192fc7cb22db8a2acdbf4bbdafe

    • SHA1

      89d97962f8d193fcb91402574046304fbfe2e89f

    • SHA256

      bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324

    • SHA512

      e0da02125907eade276c6489af7bccfae29ab6d07a7936dc59d3fd041d723e2840a57197fea5ba11425c37f6fe0f36570610e13ce2d7ace7823955416de6d799

    • SSDEEP

      12288:FNpszYhvXWSVJdMae3mUJUTOMsa+0zNOabK3ghMZtc6NS+0Ulk287/k/MjuLle:7hvJVJdMa1+wOmK3gglSjUlkVzuLs

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks