General

  • Target

    river.exe

  • Size

    42.4MB

  • Sample

    240225-eh2fysah38

  • MD5

    d456468a29c7f607f856d744a8fa0813

  • SHA1

    a3e17c3cd71b87881aadd7251d9712e43d7b8e9e

  • SHA256

    d615116b42dd422e6d9577cfbabe1828f1b1f6f619f7a1c40b781f392c46ee34

  • SHA512

    c6257e7c5f5398dc1fbcbbd88e52bc76084cd46ccd92873de26eaaefba746c3fc16774a9e1b4a03957cc064a961bbf613eec5751aad7ff7cad067096b543837b

  • SSDEEP

    786432:dSQtsRPJmIKmr2puIvnaJ/12j6+s7LWB75zuk2rPJVEEY5F0wW8p2RPBLd/b:dSQt6PIIfr2pBvnaB12qHWB75ik0PkER

Score
7/10

Malware Config

Targets

    • Target

      river.exe

    Score
    7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks