General

  • Target

    64c2e949a2f92c4f458ea1e18ef0829b.bin

  • Size

    2.0MB

  • Sample

    240125-b4a94sdeb9

  • MD5

    64c2e949a2f92c4f458ea1e18ef0829b

  • SHA1

    5274af76387950b897e4cd1fd9f8cf69755dd05e

  • SHA256

    6d7eee0253c4fb6bdd946c309f3db823a348b1cdc9dcb2bd3f2412b30eb9590f

  • SHA512

    6b52f421f8f03402d012cc185547e26ee5e562b18bdc42cf81e80e6a5463ac57383e1d11099770057149c0a6477564b20efb39960e0f1a44b7ebe9e6e89e8b29

  • SSDEEP

    24576:bSH25PwcN2jx23LdZNtWFKVsIdaY5VFt1LuqJhDqGFeyUQPurCD8JYjSK5ECl:blDoOTNtGKOIvfuRVy/Pur2Mgl

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks