General

  • Target

    3b9347dc4e2ca00b974e68530aaf04a5

  • Size

    13.1MB

  • Sample

    231225-zca22aaadn

  • MD5

    3b9347dc4e2ca00b974e68530aaf04a5

  • SHA1

    69cc347d3ed834d547dfae52d7969b6593ffe2b8

  • SHA256

    39f01d34065b63c350a3ffe049e03e41c7365b8ca3b603f7e632bec90c3f8c60

  • SHA512

    69afab82a39cb84c8f5813389fdb12de163cdd6565b6493c612077daee101a83f96b80e00149b0792d9634e5c7691ac457f8a147815428c3c4acd19ea34db264

  • SSDEEP

    196608:peXoKg5NP+mmodVJu53od97uWEe840Qp557dHpglxNjuiUqVz3zX4uIMhEfs9:8Hg5NiodVJuEt84d5JvGTiiUmD4uIx09

Targets

    • Target

      MirServer/DBServer/DBServer.exe

    • Size

      382KB

    • MD5

      d7a8eec0e18be329c93bd2095f0df1f7

    • SHA1

      f2b90bd2c0013ee4a518ad130bc481606dd9e3f1

    • SHA256

      3cce2cb4ff76b4ff4362699003fde1375e82a05932794ba09f0809f287128922

    • SHA512

      8719727a47803c95df24095aa7cd9c8af19223d6d59490117cc589c62ead8663583a35535bc7e8ea92dca40feba7c95958be7cf539319ed827564ebe8291a871

    • SSDEEP

      6144:YFM/VTFE7hlI9yNgX8fIlEIS2qVUDA6rGafN8mscrEe0PyIEVqmQ5iJCJt6U3pRG:CMVe7hlM5lEZ6AhId0PtmGKe7p0q

    • Score

      1/10

    • Target

      MirServer/GameCenter.exe

    • Size

      267KB

    • MD5

      935ed40f01658ce10baef215912a3422

    • SHA1

      43042f9bd9586e3a0c41a6370c1cefbf198168fa

    • SHA256

      eb81deb3a6676cb16d3f3520989b2fff5bcdd5a73dc145e42d4113fc1056c2ba

    • SHA512

      a42feee8dad0801b84e481deaf57a11b476cc6f7d785860726211161c17e1e4033ae3017d9c562a58ed5885ad583c4ffe346bc19e9408d99fa8a641c00f6fd9c

    • SSDEEP

      6144:YcERY7dT6CLL6jbX7f6OJbYLIQDeXZWifmjzo5:6mJeCLLEzjbYLzeJJfmzo

    • Score

      1/10

    • Target

      MirServer/LogServer/LogDataServer.exe

    • Size

      421KB

    • MD5

      e8fae6abd9cfc6f32821f5c7366ea64f

    • SHA1

      e18ba551f9ed5a258e6bb8efca394f3aff1cb246

    • SHA256

      1926d958983a59b78c0a212b68e6fedcc24e8b920a41141fec5787f96fe023c3

    • SHA512

      acf7ef1cf96c7a33fc1afb7943b842fed7bf9c7108f43af904fb60e3f485efecb94ca0f7cadd7010c3d513d97c494a618842dbdb29e6d9abc0881ff8e1b91098

    • SSDEEP

      6144:Ndu1qC4u63IVhYKjrDx/YD9RT8ZFpG3Lk5BoXWTzNbTuqdYm2OwFnl:q1h4b3IVaqxivwFw7k5ltubNFl

    • Score

      1/10

    • Target

      MirServer/LoginGate/LoginGate.exe

    • Size

      212KB

    • MD5

      700f370afb01ec1e2d5be6d92ca30dcf

    • SHA1

      2366dada79cf49b1802962d387107637099ff3f9

    • SHA256

      30aaa1a59c1b295e26fcff124e5b8474458d6c972de4f36982105ca37f63a0d0

    • SHA512

      e61c8a08089d25b4ff2bf46e4c0c6df0c1992d7158cf5bc9212adb096daec0f6edc2669d5a5678be86b6e42581b03521a64d9347ef5fb54066220ccddcfb7ad9

    • SSDEEP

      3072:G7v5I31Wr7Rm2pfna1vES43tkM3wQPyfrdHDOilQAM0csASL5Nqg3JnIZ:G9g1WrkRES4Z3wJxDJqh0cs3UIN

    • Score

      1/10

    • Target

      MirServer/LoginSrv/LoginSrv.exe

    • Size

      246KB

    • MD5

      7f5de1ca3a879695e175b4e4261eb5f4

    • SHA1

      90f89b980c62e8de88fd4a880ede6117981b8139

    • SHA256

      92c6dfa26a49ba334778a928b6f0a39b46d123a87a47e6f713d82b9d14f139f8

    • SHA512

      febdebc98eb9c0d08a6c59fb7fce48e47dbb8a348203f2ead5f27d19deaf1e1bd337adce68a127bfb5bf322847b70351c65e82669ee4bc3fdf6211faf9154485

    • SSDEEP

      6144:3CnpCPZNM9ouEX6zWiUvt61g+C88XQ5SGA+:3CV9BEqzZUvtL+rX5S3

    • Score

      1/10

    • Target

      MirServer/Mir200/IPLocal.dll

    • Size

      167KB

    • MD5

      bbf62130e7a5966a2b7b89411ad335c8

    • SHA1

      9f6a0af9525cc6b6df479d3d511e06200571c1b5

    • SHA256

      da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44

    • SHA512

      52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2

    • SSDEEP

      3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK

    • Score

      1/10

    • Target

      MirServer/Mir200/M2Server.exe

    • Size

      1.1MB

    • MD5

      d195231bd76fae92717f768c8ce955a3

    • SHA1

      27343d2ca343cc20b9cc50682cd62c9565924773

    • SHA256

      16528c7c0a449d3dc3c569ae412886e579b8efe6ce4a27665175b113675f0a79

    • SHA512

      3713df142b4cd2d53a80f91e79c5fd1d484e898d37855b47153c5e881eb18149e11c0fb1398b868f0ce5c45baabdc4694d16d6316a0f5d437b0ee20e817b9972

    • SSDEEP

      24576:uvf+2nh9rbWn/L9re8IuRRxnPFfSyvsShagqNVYWtyH5n+:u3lwBrlIuRFlv3lgTIn+

    • Score

      6/10

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      MirServer/Readme-说明.htm

    • Size

      2KB

    • MD5

      1a919a1a4999d56a1defb343667aac28

    • SHA1

      f56134f9bc67aeb242ca6c19bae4c347ed1a9206

    • SHA256

      faf1518bba5019df39d5337577be9fabee9055d7fcd1ea252da60cea3b7d4f9d

    • SHA512

      c51893606073f3e767af9e271b43a2090e88dfcea367a1ec28deb7a0940767bde14fdedfcb2338af409c847622d06685807e4bb5c64899cc9618d5f2e8c98d92

    • Score

      1/10

    • Target

      MirServer/RunGate/RunGate.exe

    • Size

      735KB

    • MD5

      849710c7e376436435023d82fe45fa42

    • SHA1

      60876119ab8a011378443515d4e4f74a057b1806

    • SHA256

      41d16008ea64c13e737d734d2e091653ca5cd4ac42516a061dbdf32309d29220

    • SHA512

      1264fcac963268638e53b27c695b31466d8f30ae52c66e5e2379f458c26d25971b0061ca2f2d9c0be532c7a5d5e5f43f98d9fb1e8659c87625b20f000131f7ef

    • SSDEEP

      12288:Ie6Zh57bNM+BKQ3BrbuE9mU0ZmRE/1XK4ybr0yV:f63k+BPveUE+EtLer3V

    • Score

      1/10

    • Target

      MirServer/SelGate/SelGate.exe

    • Size

      218KB

    • MD5

      39b168c63ff9ff7c7c038764408f0ed5

    • SHA1

      9505ec9a042d613977c13aafc393699bae3723b5

    • SHA256

      3def74e6ad351b323f45d426810453da6cd2f3a62e357662e4bdf0f7e8e4347a

    • SHA512

      12442affa0cac2576dc2cd3132087cf92c53db927d10b2aeda86db8325b6251c9a2a6e02e1f38b488d6f3fa21bdd3ae6ce348f9bb09501b9a89e5e7730f15e41

    • SSDEEP

      6144:omX8IUzaCM2XUImekpnQGgTICzHgaKcxhxOdpF:ZX8IkMxvek9QGgIMHgaKcF4

    • Score

      1/10

    • Target

      MirServer/上万免费版本下载基地.url

    • Size

      185B

    • MD5

      43e34354e7bec58e764d4c5750c9e149

    • SHA1

      14ba4e002749cfa3f45382f30430626a588d0bae

    • SHA256

      cbb1360827e66a21340959a77bd7bb102d8aa534a29dca8943bf9e004facd62f

    • SHA512

      90df576020c6dfc578a50274cc062ccf074f5b5619a80be9a07fd3021fb7258ca04cc1e9c8bd2c1b1cbbe1a49d0bc441ea4330b9cfd72455f3ec5a3b7064571e

    • Score

      1/10

    • Target

      MirServer/中国GM资源基地.url

    • Size

      306B

    • MD5

      db4cd138e0eb7ddda9b28334c2e5774b

    • SHA1

      5e3b9479b2d7f50a7a182bf54297d858f36b9e9e

    • SHA256

      1902fb5b26337e41bfdddd3498c4109d6e06375554b6fcbdf17ff163f90d33c4

    • SHA512

      368e7809ac6e6590a11985120427f6a04d4c235ce98bd288037499cec6a5216509ae5a06f37ec69030b2d7a300bc1d3fa62fe56440094761ca89dfdc0603adaa

    • Score

      1/10

    • Target

      MirServer/传奇服务端下载站.url

    • Size

      306B

    • MD5

      c71d32032df2b478d1e74cdbe7133b4c

    • SHA1

      fe5730335c1095815d3eb35eeaee99630598eb4c

    • SHA256

      93ff64348507f5ae2f1857a4765b79be16a73b5245498bd48dc81b52d8e21258

    • SHA512

      a30f1816034eba1c45547dd14470f90ce41a7c14194d09cf7b4c10692f203cb2f86c94668ceddabf4285fdd3d188fa9e37b2b1e367d3cdb40f3ae77b86cde5e4

    • Score

      1/10

    • Target

      MirServer/完整商业版本下载.url

    • Size

      185B

    • MD5

      990e7f720f625ae182cb48d4c790f5c5

    • SHA1

      20275af8fe8242c1856a0da4f6c21e669fb48d4e

    • SHA256

      3edc22d7e368882873840eefbc3d9de30077c3815f457501c74d3936152256ee

    • SHA512

      edde510b409ab8ab43cd0ef119965970ef73bca33c08d84a78fe504af58b8d8b695deb72ccfd658771ac1c0fbc48eb91608ce185eaa9b7795bf58a7d3b3fffd2

    • Score

      1/10

    • Target

      GameLogin.exe

    • Size

      2.6MB

    • MD5

      a4b1782cb5b0ca57eaf61f155325cce2

    • SHA1

      fd51544776495edc72a3ab2fca4c12651cce9492

    • SHA256

      26adc592bde17f5a04f6c249843e2ea5f3aa084f40f65e8492f2fb200ee2b093

    • SHA512

      dfe22e9b59065f18d5874032d9a31212efc6f38b46ecea3703d402569e3e8bdc0832bfc80c3a3f1a0e2625e8a3c710b829e1136902ae47f7021df8bd879be499

    • SSDEEP

      49152:7hOUzC1ADih/xH3Pz6rOVa2HNO7yslNivNQoG3Fr8J9+tp9wo2:7hdzCuij3qITHQmgivNUuJap9g

    • Score

      5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      MirServer/王曙影视,最新电影,电视剧,百度影音.url

    • Size

      160B

    • MD5

      caa45e9b7ebc6c70c6fe58f554f7bd14

    • SHA1

      a43d7411c2d0cc06613a20e0cfe5ca0fd4025202

    • SHA256

      780d5dd21eed836df9e9eb9ba9ab715ac68e10bce71ab5d29d54e6def8b92b55

    • SHA512

      449e3c0c7b8f66829f334e29bd1eb6ccbce562f99439496a4fb13d77a45da4d91851fa272c6d723b7281175b665e3858ca5a6d0df36359d86bf789f4daefaa52

    • Score

      1/10

Tasks

  • static1: aspackv2, score 7/10
  • behavioral1: score 1/10
  • behavioral2: score 1/10
  • behavioral3: score 1/10
  • behavioral4: score 1/10
  • behavioral5: score 1/10
  • behavioral6: score 1/10
  • behavioral7: score 1/10
  • behavioral8: score 1/10
  • behavioral9: score 1/10
  • behavioral10: score 1/10
  • behavioral11: score 1/10
  • behavioral12: score 1/10
  • behavioral13: bootkitpersistence, score 6/10
  • behavioral14: bootkitpersistence, score 6/10
  • behavioral15: score 1/10
  • behavioral16: score 1/10
  • behavioral17: score 1/10
  • behavioral18: score 1/10
  • behavioral19: score 1/10
  • behavioral20: score 1/10
  • behavioral21: score 1/10
  • behavioral22: score 1/10
  • behavioral23: score 1/10
  • behavioral24: score 1/10
  • behavioral25: score 1/10
  • behavioral26: score 1/10
  • behavioral27: score 1/10
  • behavioral28: score 1/10
  • behavioral29: score 5/10
  • behavioral30: score 5/10
  • behavioral31: score 1/10
  • behavioral32: score 1/10