General

  • Target

    e5cdba15f1d8bbdbd602ac264141972f3f75c200818776277548fde9942d9885

  • Size

    3.6MB

  • Sample

    240530-dbl71scg54

  • MD5

    fa4f1702651bae0a7c60365fde6ffdb5

  • SHA1

    c4f2919473d1185f0f42225631d8e5f490a4e571

  • SHA256

    e5cdba15f1d8bbdbd602ac264141972f3f75c200818776277548fde9942d9885

  • SHA512

    f0ef14663fcefea0576e633f2eed9fb86d5d3bcfa3b6dad357dfb0dd8430a2bf3131702e921188577ecc3bf318d844eb5ec5a3e895bd5fc37c6c4a6e3cfa8d08

  • SSDEEP

    98304:5kLG2vP6n8jSNvHNv6stgcPyrhtxqVT6d9y426tM:a/H/joNykgnHyzB0M

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks