General

  • Target

    f7ff365b9d69717a32a4450c7879de1bd630ef81cd67ca04ee85675a554ffe7d

  • Size

    34KB

  • Sample

    240411-e61vbscd56

  • MD5

    f6da37246aa95224ea6d393617093e19

  • SHA1

    b760d39479438372eba98e2801b30c1e9561e18f

  • SHA256

    f7ff365b9d69717a32a4450c7879de1bd630ef81cd67ca04ee85675a554ffe7d

  • SHA512

    f547e5686236e3d8006f0be8bd2a9db65e25c63c97cd15fbef47341fb60e3bacf8e51478aa08de0c78aa688f7b231dd32101f4a0fb74553b72474a711b3a05e0

  • SSDEEP

    768:9qSqC8+N5ozQQLncwxWmNXMX3cX8wtgg/X/zCtgcgCEX8u/vSXrXrXrXrXrXyHX:9rqfzQQLamN88Fr277777YX

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      f7ff365b9d69717a32a4450c7879de1bd630ef81cd67ca04ee85675a554ffe7d

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
