General

  • Target

    07c2273c5687532dba09c2a4cdd02e2b0ce566e5a5bf7cc0a313f13309fec34d

  • Size

    50KB

  • Sample

    240703-w2vaestdmf

  • MD5

    caf8b21f5db9f183b773ebc78aad845a

  • SHA1

    78f900c0b298d8268d3539d2ac3a6c78f429ebb4

  • SHA256

    07c2273c5687532dba09c2a4cdd02e2b0ce566e5a5bf7cc0a313f13309fec34d

  • SHA512

    d699cec554fdc05630b1fc8a5e4949d336705e3a39bc0e47a7b1d7da8e06749f4d46b9ebde7245385504f2268f1d98b0f029d7e6a8cba6d251dff9e9c733eb3d

  • SSDEEP

    768:mzQYScGrIubHuYtvdxwYHw5FAe2Qkncwx9vMdJTeTXpnHTkGrbHdrzxDvDInmI:gQTIubHy5wQkJAejpzkGdxDLImI

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      07c2273c5687532dba09c2a4cdd02e2b0ce566e5a5bf7cc0a313f13309fec34d

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
