General

  • Target

    0ea3dbbcf13eff95bd92d72540142c34e43aa5449bcecdeb3ea5c76ff5d27be9

  • Size

    58KB

  • Sample

    240608-xltjmaeg3w

  • MD5

    d4e22e2e3aee32786504a750a5d0cd64

  • SHA1

    b37c7590743ad2e3d4a312e560958d1df3984148

  • SHA256

    0ea3dbbcf13eff95bd92d72540142c34e43aa5449bcecdeb3ea5c76ff5d27be9

  • SHA512

    6ab6958afc57fb62e512d7aaf5c0d17078736e6d818d5a33c1fc9b2e7f0f1ed75f6d6b099a4730622b97aeeb598885bd1449e9d1cfc4b28317c3986017b83a0f

  • SSDEEP

    768:9qSqC8+N5ozQQRncwxWmNXMX3cX8wtgtzpAXpX8/X/7CUrfbtSqktm:9rqfzQQRamN8835mv7CUroqkE

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      0ea3dbbcf13eff95bd92d72540142c34e43aa5449bcecdeb3ea5c76ff5d27be9

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
