Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

vs-tabi-ex...].html

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vs-tabi-ex-boyfriend[1]

  • Size

    43KB

  • Sample

    240613-wxx6hs1grl

  • MD5

    7ccee7d2c7eb4c0b68c80cd4a8c7d699

  • SHA1

    b9b7b6923355e1bcb216db368144d6566e7cb0dc

  • SHA256

    a4f0d6aded7a88a0cbb0acbd0ea071feb5494395338edd221ea30e569b00fc65

  • SHA512

    8cdf106ca15098daaa89c5a4f724c18809b413e9dce2729717bfa7026c241d048167261d63d517e08166c90ab28aa88a9bed59a1f26093b206bdec7b41408663

  • SSDEEP

    384:NiKMcRMXoukoq9hnD974YUr1hWcyhgQTihK/EEDzh9NRF0KVmOfP23KkkR3xYzhY:oKFRMXouko8RGecyhfJ/dDK3Kkauzhj8

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      vs-tabi-ex-boyfriend[1]

    • Size

      43KB

    • MD5

      7ccee7d2c7eb4c0b68c80cd4a8c7d699

    • SHA1

      b9b7b6923355e1bcb216db368144d6566e7cb0dc

    • SHA256

      a4f0d6aded7a88a0cbb0acbd0ea071feb5494395338edd221ea30e569b00fc65

    • SHA512

      8cdf106ca15098daaa89c5a4f724c18809b413e9dce2729717bfa7026c241d048167261d63d517e08166c90ab28aa88a9bed59a1f26093b206bdec7b41408663

    • SSDEEP

      384:NiKMcRMXoukoq9hnD974YUr1hWcyhgQTihK/EEDzh9NRF0KVmOfP23KkkR3xYzhY:oKFRMXouko8RGecyhfJ/dDK3Kkauzhj8

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks