
General

  • Target: XboxGamepad_2.1.rar
  • Size: 718KB
  • Sample: 231223-wb7g3adgf8
  • MD5: a7c37331cdc523c8ae43c7a1535fc8e8
  • SHA1: c2f628f8eddc7f72e4124898d5aaeb307c13ee49
  • SHA256: 2427c122897ee5dd465db796a62d9e00d2dac8d0812007334e14ec76ad7baf15
  • SHA512: e8d6089a9c85c200e9a71ada2c8c9ef978f5e8eec9b9844315e71296fd372963330c61e354ac2fa750643c37458bc2f3dcecc8a008026cb20fb5ffe2ae5ae687
  • SSDEEP: 12288:RTGEQA+mqq+Vm2Fs8JiB/HDazGJUqBVlWRhq8qHKXsYy68cmQ1ctJWjTgzM:kEQA+mqq+VTFs8oB/DPJUqXlWfvrcYp/

Score
8/10

Malware Config

Targets

    • Target: 2.1/XINPUT/LibUsbDotNet.dll
      Size: 146KB
      MD5: e2f6b564cb161a24fbd82e93352d1c9b
      SHA1: 5872531549a5842c0255276f1eac63e1a14d4fc9
      SHA256: b589af12fe5e014a73051df1c84124282ff7f63230b26b07b879bc9f47726ea2
      SHA512: 8c422975695b02597b32c91c5500d84f3d9aee1d02ebec8d6e3421abc734422d7a5888ceb3be15499fccca02b5109a24cb7f60b897a25aec9054eea2b62af6df
      SSDEEP: 3072:ApgRzrksxK/1H/8SvJc6gfeqG+QQ2Bn4T8AeuxNeMpqGk5s//sJVf7I/uTjA:Apqzxx8H1c6iPG+QQbxVqGZ/pG
      Score: 1/10

    • Target: 2.1/XINPUT/XboxOneDriver.dll
      Size: 12KB
      MD5: 0ce911537be1b9cd74a9112941cafc3a
      SHA1: 4611938206ef90c8ef77aa8d577cbadb77d5dd62
      SHA256: c24a29e711c160ffc35bacd7ba7178f36dfd098236e319478f3887abed299df9
      SHA512: 65343fad677696284f83319d92832d4f4cff9e206249c5a951c0644522bbd9b799ae3e42e3ac5545b4bd7e271c2dab8d724418d66b13cc8d7fa734f2118852fa
      SSDEEP: 192:ClpoJWtexWXtL9x7s7fHNGkDdGDbeOosrFXoG2cINpph:ZJWthXItGAOHF/2rN9
      Score: 3/10

    • Target: 2.1/XINPUT/XboxOneDriver.exp
      Size: 1KB
      MD5: 97a35e72cdd8676c0aa3c0e87fe37133
      SHA1: eddbc1a831630b1cf086f75ffc6290935e76a6e5
      SHA256: 35446b2d83c81358fb4ef2539691fca0d1f9bc9fac5d1c71c221ff1fd6e32082
      SHA512: 7fd26cacdc402b70b69f81eac9635f0000da4bd8042f6f4a1e678fdf0dcffdc8e873b884217150aa1e04fb9c9746633eba266388d0a6eca5173e2bd4deed8029
      Score: 3/10

    • Target: 2.1/XINPUT/XboxOneDriver.lib
      Size: 3KB
      MD5: 490a76d393d19efd9b515519596bb15e
      SHA1: e9674947f59ba95393dd611e782811121aad1eea
      SHA256: f86402235619dc1bdc2fd87996d69f4b882ec1143ac24209418926dbd5714c5a
      SHA512: 08557c55927fb473aec36a67dcdabe55b6ff3e64cc00000dda4e160926cfed183338f1e34d8edc22013879679592ed90c4fa85b52f9154f2ea4a8b0d652a3d2e
      Score: 3/10

    • Target: 2.1/XINPUT/xinput1_3.dll
      Size: 475KB
      MD5: e61eae879bc6c5ca4e72f82304e85d7c
      SHA1: a361a39aebee69555d7cd7ce1dba88fb15e29234
      SHA256: b1e2ec4fc3651945306a12c3a15f7c879b48110963c346009937fea216861169
      SHA512: 4618e16690d18a573a47f112ac187caf0975009a12d6ebc66865c030d27c3aea0bb18e3d8fea9bb5d84639393c0c00a84c863d4f04b16fbe820c90c6de2ce5de
      SSDEEP: 12288:pKaECGTQPkYTpXX7IoP6SqfFvbKFiEquD+ou3w:p7EtQXTpXEm6QFiEquDg3w
      Score: 1/10

    • Target: 2.1/XboxOneGamePad.exe
      Size: 609KB
      MD5: 3096291e785c07eec28d751321ddb495
      SHA1: 4b7d83e826c129b5f98b4667f0584dddf5fd54af
      SHA256: 3eba90986be52f7f17d4be2630eec0dc6f2fc1f4c38e0ffa6db6ab39ee3d9278
      SHA512: 3351e8a17ef8daba756c7efff6fb9a8173e7637c064e00950c9dd821d78e9d93cbb737d69f7c8d2547207478ee3795c7b9a6392a4d477f0ea94a7a8b7d749c38
      SSDEEP: 12288:WZLwrTd+z4fGpbOfBofQ1iX/math/rgYdB4mklf3Ys6Mcw9L8dBfenw5bP/5tJBT:WZLqMVfh+AlBShf3R6E94dcng/5tJB73
      Score: 8/10

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks