General

  • Target

    tuc2.exe

  • Size

    4.5MB

  • Sample

    240107-e4ty1aedbq

  • MD5

    33d656492325072faf15c45a164487c6

  • SHA1

    ac01c9853d8acba4025369e2aee2487a2f31a232

  • SHA256

    b12aff75a9a173c15b91ad9b89718f7e73dcd72d97a623d732c4b24f52872b65

  • SHA512

    2344f6290a3adf46182abb2587f5b2ca335a59902f96da3c0296497d83444f9047781e3ea9deff3c9c7aa00aa85205e68eb291d0fb9d5450232635942936f705

  • SSDEEP

    98304:QSV6RmOv3vsD3ieHPRuLiWnx2XtEwJdVTio0O4dm8:Cmg3vc3iEPRuZitEm0O4dD

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks