Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-04-16_bce97b57128e19e263039cd714bf63ce_icedid

  • Size

    2.8MB

  • Sample

    240416-xlm2vahh35

  • MD5

    bce97b57128e19e263039cd714bf63ce

  • SHA1

    d1bb2d7f144e1eae410130043eb78e4dae9e50b8

  • SHA256

    1d94c806d5372d5014b19d323e1e6b8eabdab0980c04be34364e53c7d8b9ba00

  • SHA512

    2ed0cc4c5a58c30ebc36791c30ad61237e3eec7c86d2e0c4ec12228c7db76d7f719643c286868d99d2fe9266441d54684ae0c438cba2bb4584d42f85f2ea11c9

  • SSDEEP

    49152:dCwsbCANnKXferL7Vwe/Gg0P+WhIymgo+Kc+eG6nQeVawAa:gws2ANnKXOaeOgmhIymbK+eG6nQ2B

Malware Config

Targets

    • Target

      2024-04-16_bce97b57128e19e263039cd714bf63ce_icedid

    • Size

      2.8MB

    • MD5

      bce97b57128e19e263039cd714bf63ce

    • SHA1

      d1bb2d7f144e1eae410130043eb78e4dae9e50b8

    • SHA256

      1d94c806d5372d5014b19d323e1e6b8eabdab0980c04be34364e53c7d8b9ba00

    • SHA512

      2ed0cc4c5a58c30ebc36791c30ad61237e3eec7c86d2e0c4ec12228c7db76d7f719643c286868d99d2fe9266441d54684ae0c438cba2bb4584d42f85f2ea11c9

    • SSDEEP

      49152:dCwsbCANnKXferL7Vwe/Gg0P+WhIymgo+Kc+eG6nQeVawAa:gws2ANnKXOaeOgmhIymbK+eG6nQ2B

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks