General

  • Target

    16fd19f1f5e7780280ed4d326acec692b36b1ecdc5491a0c9fb85523cb4fac11

  • Size

    2.0MB

  • Sample

    240530-c5xp6sbe8t

  • MD5

    85f2e62a636e6b9bbfb5b2d09e32103a

  • SHA1

    8bb41405706c65caa8c43a45a60fa1f9dc7ce205

  • SHA256

    16fd19f1f5e7780280ed4d326acec692b36b1ecdc5491a0c9fb85523cb4fac11

  • SHA512

    c5b6c240848d222e21a7f304f74904c522a422a76dbe6116730e9ff980b211c46707ec6f1155d11860f816730d204876e769a4e4015a97ef02122dff0ba851f9

  • SSDEEP

    49152:3BuZrEUia2huMjbt0ZnkVDiHF/FOqQzCb7iO:RkLz2gMjb0kVDi3QzCb7iO

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks