General

  • Target

    x.exe

  • Size

    320KB

  • Sample

    231223-pww4hahhdn

  • MD5

    c940e89943c98832a5738d260f16bf94

  • SHA1

    b422d97d5d59fe0ac82bcb379e2c1d4a27f77618

  • SHA256

    4001c4f249a156e7e9410886ddaf8ca7652689eb914a57d3bb17c1284f79dab1

  • SHA512

    44587a723fa9d51d5dfb216181bdab33987aedd32cff30eec72363425b6de228a7bc51b84fc66214f81b4b398edc70723839d8e979f533595b140cb52bc31cbd

  • SSDEEP

    6144:7DKW1Lgbdl0TBBvjc/RUizNnjLF00mpPGy5Bmfb1cdmhCq3t:Ph1Lk70Tnvjchnjx004uyefbcU3t

Targets

    • Detect Xworm Payload

    • Detect ZGRat V1

    • Xworm

      Xworm is a remote access trojan written in C#.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
