Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Covid-666.exe

  • Size

    687KB

  • Sample

    240529-sydlqaae6y

  • MD5

    0c303ae1347c0395a96f3eb38d26d7ed

  • SHA1

    c8cf473a22fc86ddad00ec286e94422f4b7d5c59

  • SHA256

    1eefaeb98524277d1aeb459b6e4a31472ce2f4ff15f8f45b051e1c8a021c8fa7

  • SHA512

    57e9ca4e5339164a6c3e5f53b8f30410d86139355390e17a2926d5b2263a511f0d47b26f70e95a5cf8daf4c365fec7f057614636e6f092d8320fcdda8debea93

  • SSDEEP

    12288:U7M23cFQpIn5tghlAjyCey1vLd31utolsqHzc30qOocuXi7oS:Ug2sq2nohlAtrvLjutQtI3bOoli

Malware Config

Targets

    • Target

      Covid-666.exe

    • Size

      687KB

    • MD5

      0c303ae1347c0395a96f3eb38d26d7ed

    • SHA1

      c8cf473a22fc86ddad00ec286e94422f4b7d5c59

    • SHA256

      1eefaeb98524277d1aeb459b6e4a31472ce2f4ff15f8f45b051e1c8a021c8fa7

    • SHA512

      57e9ca4e5339164a6c3e5f53b8f30410d86139355390e17a2926d5b2263a511f0d47b26f70e95a5cf8daf4c365fec7f057614636e6f092d8320fcdda8debea93

    • SSDEEP

      12288:U7M23cFQpIn5tghlAjyCey1vLd31utolsqHzc30qOocuXi7oS:Ug2sq2nohlAtrvLjutQtI3bOoli

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks