General

  • Target

    2024-06-02_725e2b9b603623bb3d950219c5360bf3_icedid_plugx

  • Size

    19.1MB

  • Sample

    240602-qzhwqaef83

  • MD5

    725e2b9b603623bb3d950219c5360bf3

  • SHA1

    6056c58a5f1aaf1368ceaa5fb74e02b2d484d897

  • SHA256

    1fc30924bbfa0e0ad05bf284d230de082d0c44a2268b9cac8683a7d0b967ea72

  • SHA512

    e6b64bc848d841a3a4303e2df1e1d9a6cb28f4fe4430084d38c600d75d07508821a9ab1186ddcfb4ad7adc0eac8c6c21fd1d2fbf9f6ac4d07413b79c8d80eb41

  • SSDEEP

    393216:1xKfYW1vBiE9xABiE9xC1F1p1NBiE9xdE:TW1Zkk1F1p1j7

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detects Windows executables referencing non-Windows User-Agents

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks