General

  • Target: HaruHost.zip
  • Size: 11.7MB
  • Sample: 240308-nj8q4adg75
  • MD5: 3054b296b570f47c69f0745bb6be391e
  • SHA1: 6fb571ef72378f068bb90f144f9093e1a9536669
  • SHA256: 616b344e52682b0a2c061d55edc1aa3c57fd35fd6d72d773ed46d893981a3826
  • SHA512: 510bae9e3870ebc9725e07fab86c778a18c44f5a09891093fa872f8362b5e955473fd3dba383860b7ce2912ff19f6abddd33ce97936313ee28719038ef062467
  • SSDEEP: 196608:UZtJDc2YMS23oVY0Zxc9BphV11y3kC7J7OPo5nbk/smVyOApxV2lxhdRv2ddbzvW:GDc2c+oWcwphzc3kEJqPYnAsmPApj2Tp

Targets

    • Target: HaruHost.exe
    • Size: 29.1MB
    • MD5: e2c58ae2a0b8f22aa176e2e492c57784
    • SHA1: eda117740cb4df5dfe5114b3d13257261e4886bc
    • SHA256: f762a2cf752440ddae41f7e6b196394fbd9627be565db1a9c73d311281468fd1
    • SHA512: 3a124d0cdfd95729fc49efba37fa019e833979b8ed8b73369bcdaa40c6476d9bba5e53b8bab82f7bdfce6408f7673008759a2bd526581b3c355da0023dafb67d
    • SSDEEP: 196608:pkTOppiGuX4jxHgfJ5rWmGlXnY0t5qTEVwDHRdj7Fk9bm:pk6jiGuodqoXYCqTEyDHRdj7FG

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
