General

  • Target

    9d5f805044b2032451c47a12c8c9baf3bda38d9670ddf62bcd30e465e9164e4b

  • Size

    540KB

  • Sample

    240509-cdjz1aeh24

  • MD5

    872ee778dd8ae35319bc127011e734ee

  • SHA1

    78aea52817427d1d8b24f2828a6fcbd617e44507

  • SHA256

    9d5f805044b2032451c47a12c8c9baf3bda38d9670ddf62bcd30e465e9164e4b

  • SHA512

    4fa12ddd2db2c858909ce2ed380e17dc632a899b692d04bea8ebe094626abbca450f17c1ff5ec19f9b3d5475b2318d63b5efe9a5d40ecaa2fc44583ba4a29cc3

  • SSDEEP

    6144:Ucm4FmowdHoSEsIR7DsFhraHcpOaKHpXfRo0V8JcgE+ezpg1xrloBNTNDoDxL:i4wFHoSEsIR7seFaKHpv/VycgE81lg2

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks