Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    068fb7605542cd8350ed34ec2d767856.exe

  • Size

    3.8MB

  • Sample

    240529-jcdj6afh33

  • MD5

    068fb7605542cd8350ed34ec2d767856

  • SHA1

    0c3edb958e306394cd1203e731dc781155ab2e70

  • SHA256

    977e96e9ae5faa6f44902dadddec67871aede5d7edef4e4be60b70146269b23d

  • SHA512

    70328066f04c2a5250de300e8ca4445cee381c13e417f2516fc3dc739b56808971ef622afb962fbefc19689e079b78080065c653aaf28c1cbb0e5f398380f29d

  • SSDEEP

    98304:ykLI1vX2oBOOsQ0UfDZ5IyvJZxeaxt29s4C1eH94:dI1vnyUfDZ5nhZvxt5o94

Malware Config

Targets

    • Target

      068fb7605542cd8350ed34ec2d767856.exe

    • Size

      3.8MB

    • MD5

      068fb7605542cd8350ed34ec2d767856

    • SHA1

      0c3edb958e306394cd1203e731dc781155ab2e70

    • SHA256

      977e96e9ae5faa6f44902dadddec67871aede5d7edef4e4be60b70146269b23d

    • SHA512

      70328066f04c2a5250de300e8ca4445cee381c13e417f2516fc3dc739b56808971ef622afb962fbefc19689e079b78080065c653aaf28c1cbb0e5f398380f29d

    • SSDEEP

      98304:ykLI1vX2oBOOsQ0UfDZ5IyvJZxeaxt29s4C1eH94:dI1vnyUfDZ5nhZvxt5o94

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks