General

  • Target: ADB.exe

  • Size: 1.1MB

  • Sample: 240708-3p4fwsveqm

  • MD5: c1f9696650a7965bae37f5237bfcad32

  • SHA1: 500f7da087d618a0903639cd59b9ca2ba92a46ba

  • SHA256: 155eee426bb4f90b77a11ab86a8d165e01dd4f14109e6a0cd6c64bd0c010fa2a

  • SHA512: ccb525e44129b3e57d47f9803b670ddeb78100581ac5d7a9a5e93a0718861ce700a1cba34a067c916644fb0e177879087574360388702576040e07a865d041bc

  • SSDEEP: 24576:2ddFMz0EsyK1V9B0ihaw4NlP5r7i4V3ps78VC9JtsV+n1:2dd6z0isVz0KaP7iYwoUOk

Malware Config

Targets

    • Target: ADB.exe

    • Size: 1.1MB

    • Blocklisted process makes network request

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks