General

  • Target

    bfcd453648a221e7d2e8c5ec99305b1e

  • Size

    724KB

  • Sample

    231220-ra4mkadeaq

  • MD5

    bfcd453648a221e7d2e8c5ec99305b1e

  • SHA1

    2529c153463838e274e853e2930cb4fd8ad85a56

  • SHA256

    f2b8bb9af0e343127e524382b296a824cf502f5793624bd321ce52fc575a81d1

  • SHA512

    032098f1595fe1190602040d0316e6550185280d6d3b0075ddbd94b98cc9919d15a26448619211c1912bb37074a5715248b366d23f759eb20b6ccf596ec083fa

  • SSDEEP

    12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dHNEX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdyE6o

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false infection alerts to scare the user into buying or installing a bogus security product.

    • FakeAV payload

    • Sets file execution options in registry

      Writes under Image File Execution Options (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options). A Debugger value under an executable's subkey there is launched in place of that executable, a technique commonly used to block or hijack security tools and system utilities.

    • Checks computer location settings

      Reads the country code (GeoID) configured in the registry, most likely as a geofence so the payload only runs in, or avoids, particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
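A host-side hunt for the registry and file-system artifacts these signatures describe, as an added example; it is not tria.ge output and not code from the sample. It assumes the standard Image File Execution Options, Run/RunOnce and GeoID registry locations, uses the report's SHA256 as the file IOC, and treats the Program Files/Windows path heuristic and the 7-day write window as tunable assumptions.

```powershell
# Added hunting script for the behaviours listed in this report. Not tria.ge
# output and not part of the sample. Run in an elevated PowerShell session on a
# host suspected of having executed the sample.

# IOC taken from the report's SHA256 field.
$SampleSha256 = 'F2B8BB9AF0E343127E524382B296A824CF502F5793624BD321CE52FC575A81D1'

# 0. Record the GeoID the sample would have read. A read leaves no artifact, so
#    this only tells you whether a geofence would have let the payload proceed.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
[pscustomobject]@{ Check = 'GeoID'; Nation = $geo.Nation; Name = $geo.Name }

# 1. IFEO Debugger values: any executable listed here is replaced at launch by
#    the Debugger command. Legitimate entries are rare; review each one.
$ifeoRoots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoRoots) {
  if (-not (Test-Path $root)) { continue }
  Get-ChildItem -Path $root | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
      [pscustomobject]@{ Check = 'IFEO'; Executable = $_.PSChildName; Debugger = $dbg }
    }
  }
}

# 2. Run / RunOnce persistence. Entries whose command does not start under
#    Program Files or the Windows directory are flagged (assumed heuristic).
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
    $suspicious = $p.Value -notmatch '^"?(C:\\Program Files|C:\\Windows)'
    [pscustomobject]@{
      Check = 'Run'; Key = $key; Name = $p.Name; Command = $p.Value; Suspicious = $suspicious
    }
  }
}

# 3. Files recently written to System32 whose SHA256 matches the sample.
#    The 7-day window is an assumption; widen it if the infection date is unknown.
$cutoff = (Get-Date).AddDays(-7)
Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
  Where-Object { $_.LastWriteTime -gt $cutoff } |
  ForEach-Object {
    $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    if ($h -eq $SampleSha256) {
      [pscustomobject]@{ Check = 'DroppedFile'; Path = $_.FullName; SHA256 = $h }
    }
  }
```

Step 3 only catches an unmodified copy of the submitted file; the "Executes dropped EXE" and "Loads dropped DLL" signatures refer to secondary files whose names and hashes this report does not list, so for those pivot on the IFEO and Run entries found in steps 1 and 2 and hash whatever they point at.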
