Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Evon.zip

  • Size

    476KB

  • Sample

    240406-g6kt8adb97

  • MD5

    c78208d5c19dfa37b9ef37d5bcdfcdef

  • SHA1

    8cff28d079dee084a1f87db209134469f505d75f

  • SHA256

    65e600757b04f97f70bb2000db87dc1c3569de2c27156486d712c7f030ae58d7

  • SHA512

    ffabd186efea18ba19a4d3d30e094a9b2a0966c1ff9b1049a52a2ea4a91516d34604bd557517702d20af80d2468a9fcc940a3cf5fc008d1507112fdabed1252b

  • SSDEEP

    12288:xxeBpzJKkwRMU0Yz3jBL75xwc4XscIFl4zA6fzvBL2:3wzJKkdKjRdxwr81FlQxfDx2

Score
6/10

Malware Config

Targets

    • Target

      Evon.zip

    • Size

      476KB

    • MD5

      c78208d5c19dfa37b9ef37d5bcdfcdef

    • SHA1

      8cff28d079dee084a1f87db209134469f505d75f

    • SHA256

      65e600757b04f97f70bb2000db87dc1c3569de2c27156486d712c7f030ae58d7

    • SHA512

      ffabd186efea18ba19a4d3d30e094a9b2a0966c1ff9b1049a52a2ea4a91516d34604bd557517702d20af80d2468a9fcc940a3cf5fc008d1507112fdabed1252b

    • SSDEEP

      12288:xxeBpzJKkwRMU0Yz3jBL75xwc4XscIFl4zA6fzvBL2:3wzJKkdKjRdxwr81FlQxfDx2

    Score
    1/10
    • Target

      Evon.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    1/10
    • Target

      Launcher.bat

    • Size

      540B

    • MD5

      8a73c96ff34b3781522dd9993f483e95

    • SHA1

      92aeb01de1efacc47795a13a929f4e64ba250f67

    • SHA256

      800b892d045aa373322d1a21f83a2616baae2a5c468096c502114f975b3c7271

    • SHA512

      8205e5c36a18ef1aff1c453ec0910a9234105351b52f4478c8d44dd7a3e07e5c43551b89f7cc176d47c99689f6b736d2bf54a45da6c1b1bcda46e4eac049f173

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      README.txt

    • Size

      410B

    • MD5

      5470c1484d7547c70fcddacb19bcb823

    • SHA1

      4156ae61439baa7149fe88c69794cba6edea862d

    • SHA256

      fa7263d3a001a80914e3b9790de7b9dbb216d39436d222304a97aded0f5d5842

    • SHA512

      0c4a19627523545ff096576b02531b791e7505fbed522bcb6fe3beb1a1167a94b7feee7ba9bea141039ec762e308a43eeff8e0f8c4145397f2ebd016c6309652

    Score
    1/10
    • Target

      config

    • Size

      188KB

    • MD5

      bb624e51e74a6e9b68fa0dbf4ab00d34

    • SHA1

      54b383878fcfeb8fa48493af3c0dfcc532707c1f

    • SHA256

      2e7c0c83130d4e0a9ba8a4ab7300da8ddd8c5c4a5a3b96bba62de707cc607ee7

    • SHA512

      df41ed1fe1ff6bb3bdf0d52e03b3772482a915842ba7bb86be7212bcce92acfe58ff706e80f2009ae6e0273412cd0db83d4e3212002b82a7896edf29c3f035d3

    • SSDEEP

      3072:xjeMZOQ1IERePdGbm+BmIQ0t/mIDQsha5TPaCFm2poQuSjGut+rAT6yaxO44A7SC:xjWQ1JsPdGbm+BmIQ0tnDPha5TaC45QI

    Score
    1/10
    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks