General

  • Target

    66974914a9028ffd691ee8db0742a8fcade7a6b6def94360633e860b2b8170e2

  • Size

    257KB

  • Sample

    240307-zhpsdade26

  • MD5

    05e4f35911955afea6e4c2b6f348e428

  • SHA1

    ceb8209b0f2e88ab8f82ae29df5a2658c6d6ab63

  • SHA256

    66974914a9028ffd691ee8db0742a8fcade7a6b6def94360633e860b2b8170e2

  • SHA512

    131385ef0c52dcde53d7b05a3e96873f9ee76c003e29cd33a9da7d5f1b3e49a7f0a825b212d2e2a0506c1202d7e4f922fd071d5d90a5e9e70eb6496420fd3f05

  • SSDEEP

    3072:ymb3NkkiQ3mdBjFo73tvn+Yp9FrHSwh/c/hdTWG4lmb37K3BoKLbCZ0N:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0N

Targets

    • Target

      66974914a9028ffd691ee8db0742a8fcade7a6b6def94360633e860b2b8170e2

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified version of the open-source UPX packer.
