General

  • Target

    Cheat Lab 2.7.2.msi

  • Size

    2.4MB

  • Sample

    240523-n8dl9agb22

  • MD5

    f97903fac84172871545926d6e553eb9

  • SHA1

    e6e027b77df4823f4ff37656867e8f40d4ebd732

  • SHA256

    35cee7837f460d9e1141e375af8438e868a9e6b8d923ed2673a980fcadfd4774

  • SHA512

    5d82d62399079a10d36f5c32b091592cff640c40f593140138a1c741fbc92c579925186a2dd40820cef9bb04a5a7680486508896e6032caa4909d49a95e3fd75

  • SSDEEP

    49152:zjfedtZKumZrEq4Fb6HXr1iWnYs4ntHurpllQ6aduxtZB6DXDNvu8S:+VKwFnWnwux567DNG8S

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
