General

  • Target

    28352816ac97a619afb88ed8781d5ea712d8ff8e64b2bf77b536d6ad847da329

  • Size

    290KB

  • Sample

    240103-lsztfaceem

  • MD5

    3044cd1afa58fc96cfdcd4ec72528c09

  • SHA1

    40a9d33a69b799e4c19c8749ebbfe880e6e8254c

  • SHA256

    28352816ac97a619afb88ed8781d5ea712d8ff8e64b2bf77b536d6ad847da329

  • SHA512

    4f1a9366c8a4ae8304d13dc313d3ac06c2877c9a0fb137e51bfc359cdbe8fa2ac62601c0f005a455e0cc7f16762e908f362127327277eafa35e94a2a1d2477f4

  • SSDEEP

    6144:o60VDS0PorDh6wtW4ski69/X6ClVYhXMbAnrM4z4o3dPBOXCwURoS:xeu08XtWMR/GfznYCHoS

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
