General

  • Target

    2c14745f2a9205631082c313ae81d5c2_JaffaCakes118

  • Size

    10.4MB

  • Sample

    240509-2nvlxsah7z

  • MD5

    2c14745f2a9205631082c313ae81d5c2

  • SHA1

    020b529320fb40f12cd3dfa5499d4ae87e2e84d2

  • SHA256

    4b6fb59c03477e90a365ff3b0c7a3e92b80a55b2a33b0c7e389b8fe031cdc813

  • SHA512

    6c5e4448e0ee3e24884dd95422edc52702a7b2b450af401206f2a6df02f36cffa0fcc76cb9153b2adc2b9c0f8f975a02379eba22de7778b98863bcb8f78e3562

  • SSDEEP

    196608:wjtOmvAQg3S6mOpYjPwb94gnPLCLX3n3Y0KP6CpYGDp9PrZGx0Ht:Wt/vAQX6c07P2LHo0nCpfHP5t

Malware Config

Targets

    • Target

      lz/破解补丁.exe

    • Size

      1.2MB

    • MD5

      69ba5a38865cb7f389d81a25dce28cee

    • SHA1

      0cbfc274e673a40170844f70a01d6f8ca692f3f8

    • SHA256

      f5082d9e414933562a2a60d83b33b9ba3be77c554de34ed06683edf010bb0677

    • SHA512

      108c3b8c8c083f4c6f622b45ec1b10692a75ad25e8fa61198a23e4a326a570a11956cfb8dafc637a906ea36c8efd1af4c161881b525f41dd1aaa64a37dbb9da1

    • SSDEEP

      24576:ToqzG76KF79j6aXg2luAyr4UbW7spq1CBlSnumjJEY/T+dnpyStdUv3T0/4PEMhO:EEMQLj0LRVwhiVsDxcE0O

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      lz/老王3.1.5.exe

    • Size

      6.8MB

    • MD5

      a3eb63266ed1bc64c4d4788a425a2d0b

    • SHA1

      85753ac34127de7ee5fdfec41d8f220d4239dbdf

    • SHA256

      dc6b73ce3132b2d44b7ca588e1ad81846c9d02b9c820b9199ad72710b1cacc4f

    • SHA512

      58e457f4305e04c86dec2b113e0ab1eed39847ecd6a53ff688984abce7aa6bdaf53eab6d9a64ae301f89d82a515e2b106f3f9fb6a10eb59c326ce12b89ea8dee

    • SSDEEP

      98304:l6uckxLdx/V6rDn5Ag7UzfRTdnJDBHlQei88G+oSHXGuZBE9x8pVPAzSvh:9jxRf6rGCeTdBBHMRoS3LGx6V1vh

    • Score

      7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      前去寻找更多资源.url

    • Size

      380B

    • MD5

      0e1589cd950e81fc655d4d80678e88c4

    • SHA1

      c856e33221fc1bd53c647dc3c36f66b20489a0b9

    • SHA256

      12b9df1a43e8543ee7acf7e47dc5f3609ad74fd31c41cc1d16e9c2b40d424a92

    • SHA512

      b2bf879858ed619df84debc1333146572d014314cd792a4d1b27cc0e7236a543a76d92734071303d8dc4dd63e0d18598274cd1cf32c75234d5b8f8fef31afcca

    • Score

      1/10

    • Target

      怎么在小刀网投稿?.url

    • Size

      387B

    • MD5

      6ee21163412936c358ec18d2b1762c93

    • SHA1

      a8e21c955738fd7e8be010f7434503fec4f422de

    • SHA256

      e2461d6d4bf6c727f05cee0a0352d0923415043c058a2c3f4ccf970229ef9192

    • SHA512

      295ae47de8ca82a1ebc2747bc6da473b8d9a3137abb4652202a62b54be3f990f1d2af645140e04328517b02292ff0daf49943ba5ea279d05b6b0eece46bd8824

    • Score

      1/10

    • Target

      推荐注册百分百领取各种永久钻.url

    • Size

      392B

    • MD5

      26f6de4218949ef00b114c2bc9ba0e60

    • SHA1

      28e966692cb5a09f0e42fbfc16bb111bb768253c

    • SHA256

      34b3e2fee172e6fd1359bd9ca77deba43873caa45c8cabc389c9eec8f4a11fcc

    • SHA512

      4d385d6dc29599ec5edf163d92b0c51afbe0d61ca531bee01d349915f09613d8cf33009d5ae2d7c9ac251377edfa0744c25b9c1e0a8c19dd2be8e5ca492ce1a9

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks