
General

  • Target

    bf702f0bbd07e3ae1d96f7176e8df7c1d3e68e355f89646b42aff1f326427952

  • Size

    3.0MB

  • Sample

    240530-d5nypsda2y

  • MD5

    8308c8a1d88898ca198499edd0bc87d2

  • SHA1

    285cd6548b2dd3d111b540821d0d7ede5f0b35d8

  • SHA256

    bf702f0bbd07e3ae1d96f7176e8df7c1d3e68e355f89646b42aff1f326427952

  • SHA512

    5c52ca9138a965b1bfe0f0eabbed240d5c0712d88a72bd33b7b8068e8ffc055c7d09c223ab55543780608a1e653d9876da59977a0dd4e4ec4f6c9cc841a4d227

  • SSDEEP

    49152:3BuZrEUda2huMjbt0ZnkVv7VKbKs/V0u/I7bqt8MI+6F/FOqQzCb7iO:RkLo2gMjb0kVEbK6V0uEb4IJQzCb7iO

Malware Config

Targets

    • Target

      bf702f0bbd07e3ae1d96f7176e8df7c1d3e68e355f89646b42aff1f326427952

    • Size

      3.0MB

    • MD5

      8308c8a1d88898ca198499edd0bc87d2

    • SHA1

      285cd6548b2dd3d111b540821d0d7ede5f0b35d8

    • SHA256

      bf702f0bbd07e3ae1d96f7176e8df7c1d3e68e355f89646b42aff1f326427952

    • SHA512

      5c52ca9138a965b1bfe0f0eabbed240d5c0712d88a72bd33b7b8068e8ffc055c7d09c223ab55543780608a1e653d9876da59977a0dd4e4ec4f6c9cc841a4d227

    • SSDEEP

      49152:3BuZrEUda2huMjbt0ZnkVv7VKbKs/V0u/I7bqt8MI+6F/FOqQzCb7iO:RkLo2gMjb0kVEbK6V0uEb4IJQzCb7iO

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks