General

  • Target: 985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1
  • Size: 4.6MB
  • Sample: 240527-d95r1seh9y
  • MD5: 22ad5bdd6c7602233ffa5173c49b0719
  • SHA1: e6b8f5ce07b70867c5071f7655cdd6f6bb69e0c0
  • SHA256: 985ff57a323776493f53da404ac68426da4a73e9a4e9bc8249b8506e1cbe8be1
  • SHA512: 2c3dd109d5a409ba4ac3b33868280cc6b1e958a6392a0526105a1eef67db3c78a6cbc698bb8eec5d98b202b4f37c88e90a2473c64d04e76dbbe965484e37f8c4
  • SSDEEP: 98304:mJ83IAaNlvZpRyoOVtreNi1yLtzogS1Ur15QsEvhl5GD:Z5abnR6t6NiwZPr71Evj5GD

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks