General

  • Target

    3270f2db7ee82e4339dd6d8bf4ab4bb6

  • Size

    1.2MB

  • Sample

    231222-ahxesaedbk

  • MD5

    3270f2db7ee82e4339dd6d8bf4ab4bb6

  • SHA1

    c6b3c480e180530afbdd28df43c6c2a834ec8d15

  • SHA256

    7a9138408d453e5ac46d2ef6c02e2dc8b7eff1510462cff9be8608b85d5e2929

  • SHA512

    15230de760ae9a932a2b713a3ca9c96ee21ba550ecde8d239606adbe7df7e8d0e537531ef4182ff77fdcce4d7939a7079f46601aceafe83f65616c505af2131a

  • SSDEEP

    24576:e845rlHu6gVJKG75oFpA0VWIX4G2y1q2rJp0:745wRVJKGtSA0VWIoVu9p0

Targets

    • Target

      3270f2db7ee82e4339dd6d8bf4ab4bb6

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
