General

  • Target

    RC7_for_Syntax_1 (1).zip

  • Size

    31.7MB

  • Sample

    231226-zdmr8afeh8

  • MD5

    5be3c6e0a218f050ca158054a02eb7e9

  • SHA1

    7a9c42c4496281a0d1f14120922a9d415a1949eb

  • SHA256

    ba79a6ede88584f6c594c87f44bc497d3c533366fa041798a142804f1cf505ab

  • SHA512

    2a238b619298aa4bce8e6837bc4206e7afb643115576beaa6e80cfdc03f41315aeb327e8a70788a3a7d1e7d409f3b97914810a8c6c1bb1e918a122dcc0533373

  • SSDEEP

    393216:yqPnLFXlreQpDOETgsvfGaPgzgvEpxKSNLVq+h5jh5S85t5n6fTs:3PLFXNeQoEDWZiSxA+bjbSw6fg

Malware Config

Targets

    • Target

      RC7_for_Syntax_1/AlphaBlendTextBox.dll

    • Size

      24KB

    • MD5

      e6b8735ea19da68d9baa23f945a6fad3

    • SHA1

      65ae6742bf4106ce56d57d3ab427bd3e379f9ca3

    • SHA256

      48541be9ed6be56e4ee61dd48ce6b237b7a83a3be4db5a54ce350a042c77ecfe

    • SHA512

      ca3f3945406b9dc64b67f78cb75687b487203f177f4d3a96ae070f5aafa01ef43c733dd69847c095d6484a616abfe85f37568f8b289564693b6a3947fcac4585

    • SSDEEP

      192:iDGJzcLqS+q+obtogcv7QZYU+Am6+cfX/huI1Ps1YK2c5PkDVX:iKqHtobQZYU+Al+8XAI1q2c5PkDVX

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/Bunifu_UI_v1.5.3.dll

    • Size

      236KB

    • MD5

      2ecb51ab00c5f340380ecf849291dbcf

    • SHA1

      1a4dffbce2a4ce65495ed79eab42a4da3b660931

    • SHA256

      f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

    • SHA512

      e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

    • SSDEEP

      6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/RC7_UI.exe

    • Size

      344KB

    • MD5

      2de9be905272b46b98c347fe8298ae30

    • SHA1

      e264e308329c4c7a190793de8184ac67ff4b9cbd

    • SHA256

      7774dac493990bdd2e6ebb9fd26fe17d26cb625fd4bf4e953c51142dbfa7c851

    • SHA512

      9338b6e34f63170d8089b4c70005f8c73dea038729b53593ed741f9d85ef46a523ffff4aba7afef32b250ba46b35251e8b848658ddca4cd243ba0630f57f164e

    • SSDEEP

      3072:FCerJ+Nv6WCy1GdJH1LOajQdW1GdJH1LOajQdawag1GdJH1LOajQdMr3o/:FCe9jsIJVLfs4IJVLfsawvIJVLfsM

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/Regret.dll

    • Size

      217KB

    • MD5

      508a74324c3245a08a9c898d1543112e

    • SHA1

      570985dc1f08283718cb421ade8e20fcfd95aae3

    • SHA256

      9b211d6f728f4061800353e63dd60cb96764e0c185d362e02c6fa21c1522a954

    • SHA512

      1d1910dd7bec295862130e57c9202c4787518dddfd80a01444704508becc09904359824eafcf8799fe3b0345bb3c0b78d6cffc6081a338fc5e311c5d2c90add0

    • SSDEEP

      6144:Leqi7pK/yPAgC/KPlUwe+Uw28OIRT4moOSeTrcqKg:LeqApYyPAnKGwjOIRkmoOSUc9

    • Score

      3/10

    • Target

      RC7_for_Syntax_1/Run this before rc7.exe

    • Size

      17.7MB

    • MD5

      23c7f7f51bba2e17b08a0163dadb6e36

    • SHA1

      8971ebce079ad46b936ee6f15b7d778d0cf75459

    • SHA256

      2bb163eac2833576f4bad69438a012cea5c6511c05d1cfe9dc8b457aeec5a443

    • SHA512

      c60451d578cd62ba6532736546711c6f6ed698c87de82739825bce91c8d2ccb0b19c6a8347ade99dad341a3c5ad2f61711f8cb539cd58195b3dac6e0508d5f16

    • SSDEEP

      393216:nqPnLFXlreQpDOETgsvfGaPgzgvEpxKSNLVq:qPLFXNeQoEDWZiSxA

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      RC7_for_Syntax_1/bin/Monaco.html

    • Size

      6KB

    • MD5

      fc63d6f8cfd66d984df8e003cd30ce4c

    • SHA1

      767beb1b385f89ef98d6aab11abacc564fc3c2b7

    • SHA256

      aaf84c7789f9f4a7505c408e484d0d04a5ddfe2badd3973acd41bf2e6a2bfbf5

    • SHA512

      843bb9660de5827a28a94799c4b745bc2c1c56db72d36b989ea2b72a3868d0b68fac36b5e320293e26034e4d2b0f9b0946162ea2f4b8e919131d888a825e5101

    • SSDEEP

      192:Q3+OKFLvkJj7gpk32eynKZyt7TJPAqkvKU3LI+QrzZws:Y+OKFK3gi32eynAhs

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/MonacoEditor.html

    • Size

      6KB

    • MD5

      cff4feef176cef910036d01c653d9287

    • SHA1

      2ec40c7ea8d85a126c39f294d82cd128217c0b6a

    • SHA256

      3e06c186e632d01ebc2ef38fb0c082f26e14132697afe8750173f4a09569147a

    • SHA512

      f1d5707a947d1172cd8b06b8dec8cffd8ae88486c4a7a685ef88b8c619fee84efcf0cf5ec193c1f5b3dfcb3bf5aa74cb5ce89003d092d7414aadf2c2a6e5587d

    • SSDEEP

      192:Q3+OKFLvkJj7ppk32eynKZyt7TJPAqkvKU3LI+QrzZws:Y+OKFK3pi32eynAhs

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/base/worker/workerMain.js

    • Size

      149KB

    • MD5

      27ead90c7702154755785e0e53398755

    • SHA1

      86b59485fe6f6ccb1805183fa75062a2ac1c859e

    • SHA256

      bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5

    • SHA512

      6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82

    • SSDEEP

      1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/bat/bat.js

    • Size

      2KB

    • MD5

      4cb475399c4490eea41982dcd6d9653e

    • SHA1

      fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185

    • SHA256

      9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40

    • SHA512

      27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/coffee/coffee.js

    • Size

      3KB

    • MD5

      9d0c4ac1691eed0a480c3e9246490d29

    • SHA1

      38258864fd070c35cec6b68715d58771df9fe3e1

    • SHA256

      e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9

    • SHA512

      437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/cpp/cpp.js

    • Size

      5KB

    • MD5

      0a16509e6cd0155fb622e785cfe976c7

    • SHA1

      7afa7f823191c43d7a4bdd7d91577495de62c21a

    • SHA256

      a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b

    • SHA512

      2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d

    • SSDEEP

      96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/csharp/csharp.js

    • Size

      4KB

    • MD5

      f8f841d13c9220e15dcd6bc386b37ba2

    • SHA1

      2b8b7003820d19ed83afde98c845db5e3d5753f8

    • SHA256

      6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f

    • SHA512

      0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5

    • SSDEEP

      96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/csp/csp.js

    • Size

      1KB

    • MD5

      22ada25d590811dcff4e5f5d698e583b

    • SHA1

      c43d4846967d5037ef05b102e49d1fbc54e45fbc

    • SHA256

      4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789

    • SHA512

      c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/css/css.js

    • Size

      4KB

    • MD5

      49ad30f1151cfd7a74677fdc6dd13da9

    • SHA1

      286d47f0a4cfa26da2e4d1f1317a8c87000bb5fc

    • SHA256

      bd331fd3bd2c37b0c3150035325f163ac9266bf6d942310764815e676d856d91

    • SHA512

      7337706bfd5bd54938da0fba35e97f8e5780491c04b58d43fc6d905bd2dca92897f1ed8d48e42665f166da7684cc6e29a63ae73f8d3779a9feb97c397a642f0d

    • SSDEEP

      96:hFDMgRsozIq+q17qcq6V1+/aMj1cqTroIrqjKf8O3lzXY0Jc:hZzzv9VmjoOf8O39XbJc

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/dockerfile/dockerfile.js

    • Size

      2KB

    • MD5

      e32de981bdaf75e6ffb8fe40bc955a68

    • SHA1

      bef1af7b26ea01c987c7a6295bb7192d83a32068

    • SHA256

      65b86fc54e9b35d6cb84f01dfb905680dbcad6605757de1d6bca84e3029889af

    • SHA512

      a3eadd8c1389dff6c2c6e595efff69be3a573d01e4e16b8e4a8b28f63e4c48c9c439b5dd93666d81d703d1c6b5bf927cc8e47d04af270128095f0d579407c2f4

    • Score

      1/10

    • Target

      RC7_for_Syntax_1/bin/vs/basic-languages/fsharp/fsharp.js

    • Size

      3KB

    • MD5

      de122b3bc44a8714f386dc80282dcb12

    • SHA1

      06888a9b616993e9af9797cec64c6d419065f2cb

    • SHA256

      1390079babc117d3f376735780d98f409f317eb4628d17106642c6933ea1da7f

    • SHA512

      ab48f2e5bfa6ea0024530141bb5d35b9090ee0254a3e8f8b86fa36cc8c2fca8000a3caafcfffc1d83e21c488e1f1990c91f537290b54fbbca1d3c7be090dfba5

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1 (tags: pyinstaller, empyrean): Score 10/10
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3: Score 1/10
  • behavioral4: Score 1/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7: Score 1/10
  • behavioral8: Score 3/10
  • behavioral9 (tags: upx): Score 7/10
  • behavioral10 (tags: upx): Score 7/10
  • behavioral11: Score 1/10
  • behavioral12: Score 1/10
  • behavioral13: Score 1/10
  • behavioral14: Score 1/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 1/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 1/10
  • behavioral32: Score 1/10