General

  • Target

    9711bc0fcdf0f0f42a46e859d7c26ea61d50b05aae3ec269a1edf668081330f1.exe

  • Size

    1.8MB

  • Sample

    240409-yr9cpscd2x

  • MD5

    d55234e703c601880f1f9392678d0dc8

  • SHA1

    59435f8d2b585302447486b7719d209b45309cec

  • SHA256

    9711bc0fcdf0f0f42a46e859d7c26ea61d50b05aae3ec269a1edf668081330f1

  • SHA512

    ac91ff473406069a37780c319be5668909975b8108c601d4bd83b8ac84a32ee4ba86eab4f2e5b7aa8e8b43303cf4d35ea101e044e7faaaf0afd1e229d0d80a14

  • SSDEEP

    24576:9r0TxazTID9UhQtRlA6Jz7kzSRciXSD3FbbBN/IyZJbOOEHqBh3SWgSklWNy+:9ZzED7tRX8SWwWpNN/IyjEOBST1WNy+

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
