Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    de5f8b987e059597e123828acfd03240724f64414d4b8dc58781801e55369ff6

  • Size

    4.4MB

  • Sample

    240514-lb1z6saa8v

  • MD5

    94d08733b55fdb08c511ad929d2ddf03

  • SHA1

    092750754bb8d0a579ac78a6c8c1ae8650ce913a

  • SHA256

    de5f8b987e059597e123828acfd03240724f64414d4b8dc58781801e55369ff6

  • SHA512

    f35db41d2fabe84df43faca46f73c82f244247f3e4949b66590ee9da5c3ffc071ee2c7761a74a1b882b8d27705cc9999c63ffae8965c1491888fc5fd69c4c590

  • SSDEEP

    98304:W8JhJymQu/mOU9ItFnVLsrzcuU3103isHZv9+:amT89IHVLsrlUC3i6v9+

Malware Config

Targets

    • Target

      de5f8b987e059597e123828acfd03240724f64414d4b8dc58781801e55369ff6

    • Size

      4.4MB

    • MD5

      94d08733b55fdb08c511ad929d2ddf03

    • SHA1

      092750754bb8d0a579ac78a6c8c1ae8650ce913a

    • SHA256

      de5f8b987e059597e123828acfd03240724f64414d4b8dc58781801e55369ff6

    • SHA512

      f35db41d2fabe84df43faca46f73c82f244247f3e4949b66590ee9da5c3ffc071ee2c7761a74a1b882b8d27705cc9999c63ffae8965c1491888fc5fd69c4c590

    • SSDEEP

      98304:W8JhJymQu/mOU9ItFnVLsrzcuU3103isHZv9+:amT89IHVLsrlUC3i6v9+

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks