Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

14/05/2024, 12:00

240514-n6fntsed8x 10

14/05/2024, 11:56

240514-n3471sec9s 10

General

  • Target

    Mars_Grabber_V8.exe

  • Size

    76.4MB

  • Sample

    240514-n3471sec9s

  • MD5

    06b3c898fc2ce8f4d1091d6571107ce9

  • SHA1

    b937f53cb37b1cebd23aad5c62532fe724749f63

  • SHA256

    97d0499cd73b3b0c22b8ef15be8c4776a6bf610b67fad27110aed4266bb3bc49

  • SHA512

    345b8dc93edb00c7a65f82adba0afde891646313399114ab96ed3ef9e3ab3bc0828acda06910c9c113a8193c8c2297157bb9a46f3c4d87ee15ee0349991652f1

  • SSDEEP

    1572864:9viEZjTgESk8IpG7V+VPhqQdSsE7mjxziYweyJulZUdgl0WVkj9egOqZ9U3:9vZZJSkB05awkSwtspuB0c4j9U

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks