General

  • Target

    323875be6f0aefa4f97ecf1c68cb227af0a85d5ad3e457e53621c4b1c64c8c7a.exe

  • Size

    355KB

  • Sample

    240409-yq42lacc2z

  • MD5

    dfd66b395c4f6b6e3b317c87af46ab14

  • SHA1

    e01be7f31115b7056525834584c11698d659f60d

  • SHA256

    323875be6f0aefa4f97ecf1c68cb227af0a85d5ad3e457e53621c4b1c64c8c7a

  • SHA512

    8c53a31ac833e2c7f26af01abe4bfd602768c04e269db55010f833946588504bab4a6943bf7b49b70fa33ff84227507858f56854b00368323ed7f870546d669a

  • SSDEEP

    6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7oQ:/qvMQ5ibjnwka3pbRC19Gw/NsoQ

Score
10/10

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
