General

  • Target

    VikaStarter.exe

  • Size

    344KB

  • Sample

    240204-petl2sghe5

  • MD5

    abd0172224799f2ab81a7a64ecd32d6a

  • SHA1

    1451aeb778f943618a2992be08eb7a3535ecf838

  • SHA256

    eda68b560a21b00745c94e06afeb5618ba2c5827f1722186622846b5a1550e55

  • SHA512

    ff54b40b998673ae63b8063f95f8ef9cadec65a49b578c2772e6affd7f15d5541c4b6b6d2358e8d52bd434e291eda65c57b367d0b092d7090e06554c217807b7

  • SSDEEP

    3072:Gn2Af+SLiJO+Y7mR9USl6yOiGB3PSQQivLXdn+mvo+vuChrZtwkYZBwOepe4PUef:jE+yclwQKjdn+WPtYVJIoBfRT+tkgAAb

Targets

    • Target

      VikaStarter.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
