General

  • Target

    f6181f9e5f4c319804561999c27f5ab02d1c6820e832823044816f1974ebc7d1.exe

  • Size

    6.0MB

  • Sample

    240608-j6c6gsbc94

  • MD5

    8c0f0f48bf7086d1f9d9190a5c8a0b6e

  • SHA1

    1f5b4c8b25d68c5696d48c96fba5680dd82a4dd5

  • SHA256

    f6181f9e5f4c319804561999c27f5ab02d1c6820e832823044816f1974ebc7d1

  • SHA512

    eba62d38dd16d3a711762638751278bc83cc5c7e670e67270427c1f79fd0066977b0b4c6838521014d6c687b896458d51e05b931208262455cf440cb01bba4cf

  • SSDEEP

    98304:YJSdDP4p289p8NyUJYnBquzfc050vvZ16oAcs9XIcGcU09AQFGbVDs9o36QA:D9Eh9pk9JYnBDzk0qZ16oAcs9XI1ksKb

Targets

    • Target

      f6181f9e5f4c319804561999c27f5ab02d1c6820e832823044816f1974ebc7d1.exe

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
