Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

07/05/2024, 08:48

240507-kqly5abh68 10

07/05/2024, 08:48

240507-kqjh1ahb3y 10

07/05/2024, 08:48

240507-kqh78shb3x 10

07/05/2024, 08:48

240507-kqhayabh65 10

07/05/2024, 08:48

240507-kqgz6shb3t 10

25/04/2024, 13:13

240425-qghg8sbb43 7

General

  • Target

    ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

  • Size

    1.9MB

  • Sample

    240507-kqhayabh65

  • MD5

    c4ee55c8f75cf73eb54594775e06a94a

  • SHA1

    3604f680c80cd43621ca45dc911e61e14cf24cb6

  • SHA256

    ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

  • SHA512

    f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18

  • SSDEEP

    49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    studiobp.it
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    cRI21486

Extracted

Credentials

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    studiobp.it
  • Port:
    21
  • Username:
    cristina.nicoletta
  • Password:
    cRI21486

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    studiobp.it
  • Port:
    21
  • Username:
    admin
  • Password:
    cRI21486

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    oopla.net
  • Port:
    21
  • Username:
    oopla
  • Password:
    Tijgers24

Extracted

Credentials

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    vdbeck.de
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    drehorgler

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    dugardein.be
  • Port:
    21
  • Username:
    johan

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    vdbeck.de
  • Port:
    21
  • Username:
    gerherd
  • Password:
    drehorgler

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tsnp.fr
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    techsnp39

Targets

    • Target

      ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

    • Size

      1.9MB

    • MD5

      c4ee55c8f75cf73eb54594775e06a94a

    • SHA1

      3604f680c80cd43621ca45dc911e61e14cf24cb6

    • SHA256

      ceaab53560fe27d25ae139dd736a26f32daf3a1b3ce8410c1153a422205dea81

    • SHA512

      f13b63c25aba363d81f98ed3a14808f64865ba13f1956adffd0f5202a20c2c51a294519e030d079fa5825a88cf6066ad13db4257c00eadfa873a55b2c4acbc18

    • SSDEEP

      49152:d/bZlebN53l9AsH7yGkm0IP9C/+7iNQXf3DLXrvjA:Ubn3zAu7l50SC2+CTT

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks