General

  • Target

    colinware_the_game.zip

  • Size

    18.0MB

  • Sample

    240103-q3qezadhaj

  • MD5

    267b524383d8832fc8ca2728b9c22d8b

  • SHA1

    f5d4d97bd0f38ec4525a55e32e4e663875d76408

  • SHA256

    e8009306762aa51eae8a3991de04d7c9d82f666a293bff56fb44905353df423c

  • SHA512

    c77f812373b9ed5a83eefcdbd11a75e63046484250498678ec822b9147e34ec93a18fa9f3c0ef396731ad0983abd2bea7a237ba9ee845a741ba8031721a5a34b

  • SSDEEP

    393216:ZmqL1nDHdsc+dfgMxQ43RMhuV4shi4/jOrLpQwq:ZXL9DHr+6WheWOffq

Malware Config

Targets

    • Target

      colinware the game/Colinware.exe

    • Size

      945KB

    • MD5

      1a3411fb714475a5ebfddb35ed768b48

    • SHA1

      3ef12f94403530dd4d6c6b2910c9fe20b79c5db6

    • SHA256

      3779ac382268128b90bcca9dfc6a774bc28729a788b21a2cea2845deb11a607e

    • SHA512

      31f1a69cf4c2e30eed05fa811b01e34ec0db887a20744520d8991e2c5d25b31d9eae5f0113df6d22b58d4972c7b9cb5ba9513a09b5bac0da52ab6a866ea57ef4

    • SSDEEP

      12288:rKZK4ODoga4ODoga4ODog/yUmLAK7ElA4ODoge:rA4II0LADGe

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (refusing to run in, or targeting, particular regions).

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      colinware the game/bin/RuntimeBrokerPY.exe

    • Size

      17.7MB

    • MD5

      10aa819ab90b46d7e68820662d7668db

    • SHA1

      a58728fdeca0c6ef36fd035db6bb7b7e62bd482c

    • SHA256

      b0b17655b0c9b39af157f9980f4d5c26c3891aa24ca81aa2b3560bbf4f8d5d21

    • SHA512

      ee000cff4fe98088256b4042022a65c72c4a7a0ee272be8862de85788b1124f8f23f92c8a1a7bf1ffe86207e78b6ee15407ca1f4e9f0696ae9b9223f3cce0d6d

    • SSDEEP

      393216:9qPnLFXlrVgQpDOETgsvfGewhgw5MvEc4x7LLSq:EPLFXN6QoEABvbvn

    Score
    7/10
    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
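The signatures listed for both targets above are behaviour matches the sandbox produces automatically. As an added example (not tria.ge code, and not derived from the sample itself), the script below shows how a practitioner could re-derive the same five signatures offline: it parses PE section headers to flag the "UPX packed file" case, and it classifies a constructed event trace into the "Adds Run key", "Checks computer location settings", "Looks up external IP address" and "Loads dropped DLL" signatures. The PE bytes, the event lines, the `pid<TAB>op<TAB>target` trace format, the registry paths used for the locale lookup and the list of IP-echo hosts are all assumptions made for this example; the report does not say which key or which service the sample actually used.

```python
"""Added example: re-derive the report's behaviour signatures from constructed input.
Nothing here is read from the real sample; all data is built inline."""
import struct
from urllib.parse import urlsplit

# --- 'UPX packed file' -------------------------------------------------------

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # names stock UPX gives its sections


def build_pe(section_names, trailer=b""):
    """Construct a minimal PE image (constructed test data, not a real binary) whose
    section table carries the given names. Only fields the checker reads are filled."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE signature
    opt_size = 224                                        # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + sections + trailer


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table, return names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section headers are 40 bytes each
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0") for i in range(n_sections)]


def looks_upx_packed(data):
    """Two cheap heuristics: stock section names, or the 'UPX!' marker stock UPX writes
    into the image. A modified UPX build that renames sections and strips the marker
    defeats both, which is why the sandbox signature also covers 'modified UPX'."""
    by_name = any(n in UPX_SECTION_NAMES for n in pe_section_names(data))
    by_marker = b"UPX!" in data
    return by_name or by_marker


# --- behaviour signatures from an event trace --------------------------------

RUN_KEYS = ("\\software\\microsoft\\windows\\currentversion\\run",)   # matches Run and RunOnce
# Assumed locations of the configured country code; the report does not name the key.
GEO_KEYS = ("\\control panel\\international\\geo", "\\control\\nls\\")
# Assumed set of legitimate IP-echo services; the report does not name the one used.
IP_ECHO_HOSTS = {"api.ipify.org", "ip-api.com", "ifconfig.me", "icanhazip.com",
                 "checkip.amazonaws.com"}

# Constructed trace in a 'pid<TAB>op<TAB>target' form invented for this example.
SAMPLE_EVENTS = """\
1844\tRegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation
1844\tFileWrite\tC:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
1844\tLoadImage\tC:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
1844\tRegSetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Colinware
1844\tHttpRequest\thttps://api.ipify.org/?format=json
1844\tHttpRequest\thttps://example.invalid/update
"""


def classify_events(text):
    """Map raw events to the signature names used in the report. 'Loads dropped DLL'
    fires only for a DLL the trace shows being written before it is loaded."""
    hits, written = set(), set()
    for line in text.splitlines():
        if not line.strip():
            continue
        _pid, op, target = line.split("\t", 2)
        t = target.lower()
        if op == "FileWrite":
            written.add(t)
        elif op == "LoadImage" and t.endswith(".dll") and t in written:
            hits.add("Loads dropped DLL")
        elif op == "RegSetValue" and any(k in t for k in RUN_KEYS):
            hits.add("Adds Run key to start application")
        elif op == "RegQueryValue" and any(k in t for k in GEO_KEYS):
            hits.add("Checks computer location settings")
        elif op == "HttpRequest" and urlsplit(target).hostname in IP_ECHO_HOSTS:
            hits.add("Looks up external IP address via web service")
    return hits


def triage(pe_bytes, events):
    """Combine the static and dynamic checks into one sorted signature list."""
    sigs = classify_events(events)
    if looks_upx_packed(pe_bytes):
        sigs.add("UPX packed file")
    return sorted(sigs)


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"UPX!")
    for sig in triage(packed, SAMPLE_EVENTS):
        print("*", sig)
```

The static check is deliberately weak on purpose: section names and the `UPX!` marker are trivial for a modified packer to remove, so treat a miss as "not stock UPX" rather than "not packed", and fall back to entropy or import-table heuristics when it matters. The dynamic classifier keys the Run-key and locale signatures on case-folded path substrings because the sandbox normalises HKCU/HKLM differently from what the process requested.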

MITRE ATT&CK Enterprise v15

Tasks