Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8fabbda1d779a34f2dcdd6bc6e8d4874
-
Size
247KB
-
Sample
240204-vd9jrsefc3
-
MD5
8fabbda1d779a34f2dcdd6bc6e8d4874
-
SHA1
6fcceac353b07564108c6e2e7b8415c12bbc8773
-
SHA256
185487a76e98e7ba79f8b7e59ab55b78a02038f9487542a545c31d7b017c028a
-
SHA512
c7a3a2f713553c14c4d1ce2844828e4e46236b75e4f8082da085476a9d2104acff3369e3dc7ff9d7c1f272828763016a5f6e8924d06edfb9a21dc7729410646b
-
SSDEEP
6144:ubDkES+ZLIbb9Bq3mGrvQSud3Sx4RGQOWalAUXnDjmUf:2DkES+CGmGre3SaRDOWalAU3/x
Malware Config
Targets
-
-
Target
8fabbda1d779a34f2dcdd6bc6e8d4874
-
Size
247KB
-
MD5
8fabbda1d779a34f2dcdd6bc6e8d4874
-
SHA1
6fcceac353b07564108c6e2e7b8415c12bbc8773
-
SHA256
185487a76e98e7ba79f8b7e59ab55b78a02038f9487542a545c31d7b017c028a
-
SHA512
c7a3a2f713553c14c4d1ce2844828e4e46236b75e4f8082da085476a9d2104acff3369e3dc7ff9d7c1f272828763016a5f6e8924d06edfb9a21dc7729410646b
-
SSDEEP
6144:ubDkES+ZLIbb9Bq3mGrvQSud3Sx4RGQOWalAUXnDjmUf:2DkES+CGmGre3SaRDOWalAU3/x
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Registers new Print Monitor
-
Deletes itself
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-