General

  • Target

    a70afece8cbb0eb26ef86687904e0f60ffa48b90566ccd193803600d1210d3d3

  • Size

    1.7MB

  • Sample

    240710-ahd87swenc

  • MD5

    2fd5576b5e480b6436985460d720d68f

  • SHA1

    14b5b57d5f25d93e637e2cf4e4fb7fa73f8f0549

  • SHA256

    a70afece8cbb0eb26ef86687904e0f60ffa48b90566ccd193803600d1210d3d3

  • SHA512

    0a8fc3b3a9e848811e1b784ce9ed931e56a8a7b863bc26089ea5928d6b6ffa37271b0d98922c24035296b589ca523da6da97e6bcb4d5113761a1dd900af6632d

  • SSDEEP

    24576:s+jEjecTVp6fHlKnbbe/P1njg2x2beBcgpbiNatNvj999RM4Z+4CF:HAH7nbmBzXvZ2F

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified UPX.

    • Drops desktop.ini file(s)
