General
Target: BlackFollow.exe
Size: 11.9MB
Sample: 240426-ba4dssgf48
MD5: ac77dc295569830549a3b55e66384319
SHA1: be4248b8891bf8156af8a1890093ca319e16b49c
SHA256: b788983ec5db4507a9b73ea4db216a4b587dec87470d3ebbac6410410f6898aa
SHA512: 99445df6c86b250d25b7f2d5fe327b4303d1fa4360eb3d92c360492728aba06a84cf1e1d94bcdcb578d696ed7daf1d3a641b47300ae71b0d1af216437730362b
SSDEEP: 196608:FhJQsQCvgWkEHvCcZMF0SUpOXdIN1WDLtdnZs64qAixvo6a+zry78rl3:rysQCYnefI0SUpO2WD/ZskxvdP2Yl3
Static task: static1
Behavioral task: behavioral1
Sample: BlackFollow.exe
Resource: win11-20240412-en
Malware Config

Targets
Target: BlackFollow.exe
Size: 11.9MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above
Score: 9/10

Signatures
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Persistence
- Account Manipulation (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Account Manipulation (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)