General

  • Target

    c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604

  • Size

    160KB

  • Sample

    240420-c3s9zaeb99

  • MD5

    2d49d18f94b46100e57d82a5eda63d78

  • SHA1

    d79faf8efc36d2249241a58138f9c9e142684cd9

  • SHA256

    c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604

  • SHA512

    dc35adc61de1e0ea6e352ceae8564cf18894bccd77a483b1a5d0a894ffc6ccb81459becbe4c93498ea02980e9f8ab3c3006db1f289c91c0929ef8b208fffba71

  • SSDEEP

    3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPDNuBZ:xcm4FmowdHoSgWrXF5lpKGYV0wh6Dk

Targets

    • Target

      c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
