General

  • Target

    fceb3fbd2800e7b015b4858c845d4b3e961d1ae7c8e00ee59a8e449897194e01

  • Size

    85KB

  • Sample

    240312-entnashh94

  • MD5

    a0465d47e68aa08c02995761c9d29022

  • SHA1

    6d76a73c8fc54dcf350d6ee04fa06fabc2b00a8c

  • SHA256

    fceb3fbd2800e7b015b4858c845d4b3e961d1ae7c8e00ee59a8e449897194e01

  • SHA512

    874e53d68730a103d308cf04523adf2ff1558f437ef26f9ad31fca2b63a464ce07d8e69a07948808a6e7d6bf1b4d8489c64f6289fef7bd6e3e2487c3e246296b

  • SSDEEP

    1536:hBvQBeOGtrYS3srx93UBWfwC6Ggnouy8uXuBGYRXs92kHEXHWbK:hBhOmTsF93UYfwC6GIoutYuBGYR/km

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
