General

  • Target

    Assassin_X_v-9.zip

  • Size

    9.4MB

  • Sample

    240427-lhl5lagd3y

  • MD5

    b09adb7372205f6a80aa0671c9b5d597

  • SHA1

    c72e2de1aca5f4a75f61c5c0cf5b5743c299f4e1

  • SHA256

    8728e6a252a6831f67662c898943881e43bf2f7b931cfe9302c3f1886ad98f13

  • SHA512

    f662de0998562e74b6cb4e2b176a00c0ce0b5b676672da1d90054d127b19358fa16d30d5bce58064ff34db11e9595c1f1d76f7fcf4b3aca425e7ac1b7ccca8c3

  • SSDEEP

    196608:K0yuheYEfsVLQBfnxylR8lrLwGQhYPT/5JsoZcBeYy82Df1c/4qlGRnR/Eubc:TeYEyLixyMrLTrcBeE6fe/7GRsu4

Score
9/10

Malware Config

Targets

    • Target

      Assassin X.exe

    • Size

      3.4MB

    • MD5

      7faf649716f9b6a6a3089c654701a3dc

    • SHA1

      c7fb3b7dda5dfd03ac34b44a5d1689db308373a2

    • SHA256

      5a47425989935d96012305f548d6d1b5583f693dd61ff1a8e1fe28efb6665b2e

    • SHA512

      f1f05901974cf44374bc273d2b45d82c4ad6ff3f9b2425d03178eb3249eabc7d581764086a9ab8ea2a3bba17453fa2f58bc974123726d6c5f652ede77d0886aa

    • SSDEEP

      24576:qNgyNilNR2zTJF2ZHuduTJTyCA59q0aSeQyW72/JW363Qf0ukHe7cOF0hF:+gizdwlyCA59qRSnh2/0se7cOe

    Score
    9/10

    • Looks for VirtualBox drivers on disk

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Injector.exe

    • Size

      8.1MB

    • MD5

      ca1e0eb7edfeaf15cdb5891b54920281

    • SHA1

      9e640c2e25a0ae32d0605afeb84b5bf2392b7f88

    • SHA256

      0bf1c919402204686cdcbc447aa112844ca6160718a38204f2e87e92d19ddb74

    • SHA512

      436f6a01ef6cc17d0f2b72a844b2ede4747c9e6820af00a9391fa131cc6c8fc6606246ba8185a03a7d6e684e8328af9a724e42a6afbdbe959d146ec303a8782c

    • SSDEEP

      196608:IspaEbGXV1kyICteEroXxcwxV3zlxZV3Gu5D4S26cSEqCS3QCRwHjH5Eu:GEG9InEroX2s14S2IlwCuLeu

    Score
    9/10

    • Looks for VirtualBox drivers on disk

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      HookerV2.pyc

    • Size

      42KB

    • MD5

      5fcfc9b2ff8243289511503c02461da2

    • SHA1

      b93ea142ed4429fd6c5965d803660bdd8f15cd56

    • SHA256

      2bf94e6cd95c5dca6a01437f9efce609a1f299b5a7101b804c01f225f664f2bb

    • SHA512

      4ecf1b1bf9d20d96625fb6dc7546137b674c240e865a20a4817c567f82bda4d361b09624a632bb67b5e164bc1a153cec36dc7a6b63b49ccaa523cee864e38ebd

    • SSDEEP

      768:Ybn2jsGnIavohhLzQ2LK4QRb8xn4gujfLc8WK8BM+oaSixrx2YpV6o2LHksz:Yb2jsGnbwhA4QRb8x4xHcCAM+PSiH2YU

    Score
    3/10

    • Target

      Microsoft.Toolkit.Uwp.Notifications.dll

    • Size

      140KB

    • MD5

      b4ec92287b0d96daad899236192de30e

    • SHA1

      7e0ae9fd688f4a122acc38de99d166cdddde3f52

    • SHA256

      8750440e6049ae487c02b41fbe3692790667504d2f31a7247c14179d302f887a

    • SHA512

      ab547e3dfa75d21820416be1a38e7a7664080312efed13e9b4f14d6f9c6c759f962b6912a18fd4995cac22d9ad11bd857c61f7bbd9d1ed09effef743bdbd922f

    • SSDEEP

      1536:5RdbKFBNaWYYK8gwb+zPws86WGkGaBb6ktu4YLHwYfJe5K+Q7GeH7I/65tWI6LXh:P9ENDYz2GLm6MBYLHr1+/47O/Ki

    Score
    1/10

    • Target

      System.ValueTuple.dll

    • Size

      24KB

    • MD5

      23ee4302e85013a1eb4324c414d561d5

    • SHA1

      d1664731719e85aad7a2273685d77feb0204ec98

    • SHA256

      e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4

    • SHA512

      6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

    • SSDEEP

      384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks