General

  • Target

    b9eed45780779e62c7a1925766ebfba99724aef89f14e7e36bb3634f1513545c

  • Size

    3.4MB

  • Sample

    240417-l3xf3abe93

  • MD5

    122bc8a870cb17fdb8f326d03770d80e

  • SHA1

    f863dc5cc07b885fb5d4a39bbcdf35e8890af765

  • SHA256

    b9eed45780779e62c7a1925766ebfba99724aef89f14e7e36bb3634f1513545c

  • SHA512

    239955042da349881c31bf7d357750501954f1c61e27542f55cde61b866fe83363a784414908bff37ec4cded33470d78456bb2af7f958e860dd2a0c983087bb1

  • SSDEEP

    98304:jWiD4pvFeiye1JCCXeyY2RBkzjxtFj0JhYA:jNcpvF3ye1JJM2OxjjaY

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
