General

  • Target

    2024-04-24_63d255a514e67ebd329b10d09fc5472a_icedid_xiaobaminer

  • Size

    2.5MB

  • Sample

    240424-ec4zwsef4t

  • MD5

    63d255a514e67ebd329b10d09fc5472a

  • SHA1

    636a8690fdb6f6807417c6625c60d9da54bead24

  • SHA256

    c562ef7f34b5821711bc56cdea3fcbecd0e009ecfdc807e717f6865e52de30dc

  • SHA512

    0e6d2e5eaaf437eff5e402fde0ee1554fb60488127d8570d21a2ecef5e40d09a86d4717e08eeaeb0ef736c1a00dd0f31f71ce286464dad4ef0cfc7bcb800df78

  • SSDEEP

    24576:72NyN1Z3jc1VCrulw6ZDKPlrc8a/w0Top2E7+obo6s:728NnzcErpEmdY8b0To2UU9

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks