General

  • Target

    loader.exe

  • Size

    7.4MB

  • Sample

    240614-m9nyya1hrl

  • MD5

    e26f980e01937c11753a44cba974b75d

  • SHA1

    31b41b9a017dd34b971c32565c612aa10b3e98c3

  • SHA256

    f967660afa6c074af705058bd0e681c5a431e705b83149c6e54f5b04797ded19

  • SHA512

    df8db54b06d8abaa5c25cf0dfd94fafe5662f55edebb7c60755bbeeafc73a3ef72b694a646635dd592e9af355f3533d2818528bc673a2f43e6a04a38239c9b69

  • SSDEEP

    196608:cWxteurErvI9pWjgaAnajMsK23fQC//OoLxh:zteurEUWjJjYoo4jLxh

Malware Config

Targets

    • Target

      loader.exe (file hashes as listed under General above)

    Score: 10/10
    • Deletes Windows Defender definitions

      Uses the MpCmdRun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX-packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      loader-o.pyc

    • Size

      1KB

    • MD5

      3df2ef0c76dbe37c8122c14dea7dea1c

    • SHA1

      55171913a3eab856fc91dd81eddcf388fb27c8f1

    • SHA256

      51686e90bcbb679b4c9e3ae542f2e5849de0c0a64e60fb1d009b8d66d7240e98

    • SHA512

      0572092d04a061ced9969f5434a7e8491bb1ca2a5d675e285892d811f691b3a1fe7f9883583b310dc44a134b8e0e4ff00eded3d3fac3980ae8ce2afc32e6164e

    Score: 3/10

MITRE ATT&CK Enterprise v15
