General

  • Target

    ModAssistant.exe

  • Size

    983KB

  • Sample

    240419-yy4e2aec79

  • MD5

    85db93f5c82c2b00532a12a907d789aa

  • SHA1

    364bc37d7c64952b48ed57f816a29866aae7bdc5

  • SHA256

    30e9743aab4b01764bf7b2e2d165a9c16cadade5b99ed59f112a47c04028cdff

  • SHA512

    3289aa4fa798673bfd157b2e5702b74a3176032aa1dd64a2828fca62271641b5d2403151722054bc360252af04c67b9984fb2f6d3ecaec9332e6924426e4a3c2

  • SSDEEP

    12288:CHHUaJeQJTUt5ndBU6k1IYg17V8yoRkIoTKrtxeMfgFb7jteYx3QI6x0u+AcGKrt:CHEZAoESMmb7A2U03AcGE

Score
8/10

Malware Config

Targets

    • Target

      ModAssistant.exe

    Score
    8/10
    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
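The report's hashes and its "UPX packed file" signature are the two things a responder can check locally before trusting a retrieved copy of the sample. The following Python is an added example, not code from tria.ge or from the sample's author: it recomputes the four listed digests and compares them with the report, then parses the PE section table for the UPX0/UPX1 section names and scans for the "UPX!" marker that stock UPX leaves in packed files. The PE skeleton produced by build_fake_upx_pe is constructed test input so the script runs offline; it is not the real sample, and the function names (triage, hashes_match, looks_upx_packed) are this example's own.

```python
import hashlib
import struct

# Digests exactly as listed in the tria.ge report for ModAssistant.exe (sample 240419-yy4e2aec79).
REPORTED_HASHES = {
    "md5": "85db93f5c82c2b00532a12a907d789aa",
    "sha1": "364bc37d7c64952b48ed57f816a29866aae7bdc5",
    "sha256": "30e9743aab4b01764bf7b2e2d165a9c16cadade5b99ed59f112a47c04028cdff",
    "sha512": "3289aa4fa798673bfd157b2e5702b74a3176032aa1dd64a2828fca62271641b5d"
              "2403151722054bc360252af04c67b9984fb2f6d3ecaec9332e6924426e4a3c2",
}


def compute_hashes(data: bytes) -> dict:
    """Compute every digest the report lists (SSDEEP is omitted; it needs the ssdeep library)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def hashes_match(data: bytes, expected: dict) -> dict:
    """Per-algorithm comparison of the file's digests against the report's values."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER starts here
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    section_table = coff + 20 + size_of_optional_header   # IMAGE_SECTION_HEADER[] (40 bytes each)
    names = []
    for i in range(number_of_sections):
        off = section_table + i * 40
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1(/UPX2); renamed sections evade this check."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def triage(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Everything a responder wants to know before acting on the report for this file."""
    return {
        "hash_match": hashes_match(data, expected),
        "sections": pe_section_names(data),
        "upx_sections": looks_upx_packed(data),
        "upx_marker": b"UPX!" in data,   # magic written by stock UPX into the packed image
    }


def build_fake_upx_pe(section_names=(b"UPX0", b"UPX1", b".rsrc")) -> bytes:
    """Constructed, non-executable PE skeleton with a UPX-style layout (test input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)          # PE32 optional header, zeroed
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics(EXECUTABLE_IMAGE|32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, len(optional), 0x0102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + optional + sections + b"UPX!"


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_upx_pe()
    print(json.dumps(triage(blob), indent=2))
```

Run it against a real download as `python triage_check.py ModAssistant.exe`; every entry in hash_match must be true before the report's findings are attributed to the file in hand. Treat a negative UPX result as inconclusive: the report's signature also covers modified UPX, whose section names and marker are usually changed, so the next step is section entropy or unpacking in a sandbox rather than concluding the file is unpacked.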

MITRE ATT&CK Enterprise v15

Tasks