Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79

  • Size

    3.2MB

  • Sample

    240522-aqz6mseg8v

  • MD5

    24c9c9af1e37266bde3c8791524165b1

  • SHA1

    bd381ccb173e6bd597c9a56e1f49a317b8bf2bad

  • SHA256

    6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79

  • SHA512

    dcfe87a71e98c6e0c022f2a176e95ccfe1c79867200854bdc88697794b2df535403fa345527438351156788ce47f0f2e2c67568b06e2df99db812e45b7e5a6e8

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWj:SbBeSFkX

Malware Config

Targets

    • Target

      6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79

    • Size

      3.2MB

    • MD5

      24c9c9af1e37266bde3c8791524165b1

    • SHA1

      bd381ccb173e6bd597c9a56e1f49a317b8bf2bad

    • SHA256

      6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79

    • SHA512

      dcfe87a71e98c6e0c022f2a176e95ccfe1c79867200854bdc88697794b2df535403fa345527438351156788ce47f0f2e2c67568b06e2df99db812e45b7e5a6e8

    • SSDEEP

      98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWj:SbBeSFkX

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks