
General

  • Target: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f
  • Size: 2.5MB
  • Sample: 240408-y5sl4seb6v
  • MD5: eca95fbb69ab3ba58f0f535c0e481d67
  • SHA1: 82f2092667e20ef4992d13a428102d64176b4b9e
  • SHA256: 39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f
  • SHA512: 3646cf1f9a1fcd854f4ad63ce1bcd451319efd27c21255279add937a9060f32c15d944aa8b4df1712bcf600703614c66c57144061ac09afd4bbec89a4612e3ff
  • SSDEEP: 49152:vhDZlDTeHumcu6x06hZJYtF2EGvxyhXQu8GqbilpEVWi26kAdSNl:ZVlExGT2tF2rCXrVlScJAoz

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.tripod.com
  • Port: 21
  • Username: onthelinux
  • Password: 741852abc

Targets

    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
