General

  • Target

    2024-01-28_9259195046d49cb9e327d004d93dae4b_mafia

  • Size

    653KB

  • Sample

    240128-fdgresdchp

  • MD5

    9259195046d49cb9e327d004d93dae4b

  • SHA1

    ae00378ab852a733de86031d3b06d3cfeb00a073

  • SHA256

    7a242730c90b89fceefd69b52f797aa2893c64d2f7be4e034e7d5f3ebf2ceba2

  • SHA512

    41406a9321524b512c29ad0928be7735c7b332250a2fbac3e82740f6c919844c4a9c9c18a65bb5df4755c397768c904c3ac7a5fdea5d312d76a50bf61c54877c

  • SSDEEP

    12288:Aij0isJD+m3srW+5tEZG1QRw7rZ0n9sLXxGkgXYhfu0tF:tIiG+m8rWwHfR0yXkkxVtF

Malware Config

Targets

    • Target

      2024-01-28_9259195046d49cb9e327d004d93dae4b_mafia

    • Size

      653KB

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks