Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
02429e5f005f74dc02fff336ff7798bb.bin
-
Size
1.7MB
-
Sample
240511-bcnfcsca8w
-
MD5
02429e5f005f74dc02fff336ff7798bb
-
SHA1
81f8c8736fc68311298d585c5a74f5405c642a90
-
SHA256
f68bbca8620eae34389f4b6238e1cb6245437a13e10ef376a8b02c0e2c39118c
-
SHA512
18b3e103becd69d0d775c8c1152b9260669e2c2faaad2b155ef72ef68c289644a815cdfff0a3c11f1db0cb23e4a6286ffc234bf36e86b86553e78e41844bad21
-
SSDEEP
49152:7+nenzcErNNQJLg3NCLTuXJdWdYw6VdNRIky/Cr70Qi+pYq:cdUCWXJdWGw6VdIky/Cr4QN6
Malware Config
Targets
-
-
Target
02429e5f005f74dc02fff336ff7798bb.bin
-
Size
1.7MB
-
MD5
02429e5f005f74dc02fff336ff7798bb
-
SHA1
81f8c8736fc68311298d585c5a74f5405c642a90
-
SHA256
f68bbca8620eae34389f4b6238e1cb6245437a13e10ef376a8b02c0e2c39118c
-
SHA512
18b3e103becd69d0d775c8c1152b9260669e2c2faaad2b155ef72ef68c289644a815cdfff0a3c11f1db0cb23e4a6286ffc234bf36e86b86553e78e41844bad21
-
SSDEEP
49152:7+nenzcErNNQJLg3NCLTuXJdWdYw6VdNRIky/Cr70Qi+pYq:cdUCWXJdWGw6VdIky/Cr4QN6
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2