General

  • Target

    远程控制.rar

  • Size

    45.9MB

  • Sample

    240713-nrv5za1emd

  • MD5

    3a8b2c8a3a6fe0451bee48ab02088c73

  • SHA1

    3b18d63c84b11c53a155dbbb329e23e69ef4bbf9

  • SHA256

    61f6292c090b98f23f5a1d287e2033d24be834caae0f663234912b0bc4331536

  • SHA512

    cb074bda3017e27befbe723d7984c4168739821a58b252f3ee26b6d292d34020fcf97f5a6579b71d601063df05a96d0848ad02547a04f525b15e1ea19c235dbe

  • SSDEEP

    786432:xbLgI4gY5QLWpifviGzH0xOzqjgxQic2MajHNTSXCEwPYO3PClYVwyg34+bXpQyD:KItY5fCiGzH0Cd3c2MajtWXlwp3KYV9U

Malware Config

Targets

    • Target

      JQX2P/TkRtoJe.exe

    • Size

      125KB

    • MD5

      1b86e7f23393360f0257228745cd77d2

    • SHA1

      ae28f155181d942ed4fdd6f59d4f452cce940320

    • SHA256

      1ad6c4e0c4959acf66fec67c5c34c6e6bd034661972954f27fd9df8a07539569

    • SHA512

      799209aa6136ec71e42ef937f25d8209b66c955b25ab2031928931f19af823df26b15ed6b6d2ab098d9283e2ed964fe6f6af9e9ea6b08f5831bbab463bf589bf

    • SSDEEP

      3072:yt2IhJW9KaY3gc4AXcItYamdfduUQcJClt83p02K/5ySVF:1IzyKHaAFYtiUQaBw5ygF

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      Xz1z1QPsm/8R52t3q6.exe

    • Size

      125KB

    • MD5

      1b86e7f23393360f0257228745cd77d2

    • SHA1

      ae28f155181d942ed4fdd6f59d4f452cce940320

    • SHA256

      1ad6c4e0c4959acf66fec67c5c34c6e6bd034661972954f27fd9df8a07539569

    • SHA512

      799209aa6136ec71e42ef937f25d8209b66c955b25ab2031928931f19af823df26b15ed6b6d2ab098d9283e2ed964fe6f6af9e9ea6b08f5831bbab463bf589bf

    • SSDEEP

      3072:yt2IhJW9KaY3gc4AXcItYamdfduUQcJClt83p02K/5ySVF:1IzyKHaAFYtiUQaBw5ygF

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      w2tPGuJUS/65Pt428Y.exe

    • Size

      125KB

    • MD5

      1b86e7f23393360f0257228745cd77d2

    • SHA1

      ae28f155181d942ed4fdd6f59d4f452cce940320

    • SHA256

      1ad6c4e0c4959acf66fec67c5c34c6e6bd034661972954f27fd9df8a07539569

    • SHA512

      799209aa6136ec71e42ef937f25d8209b66c955b25ab2031928931f19af823df26b15ed6b6d2ab098d9283e2ed964fe6f6af9e9ea6b08f5831bbab463bf589bf

    • SSDEEP

      3072:yt2IhJW9KaY3gc4AXcItYamdfduUQcJClt83p02K/5ySVF:1IzyKHaAFYtiUQaBw5ygF

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      x2wg01JC/Qkt9goL5H.exe

    • Size

      125KB

    • MD5

      1b86e7f23393360f0257228745cd77d2

    • SHA1

      ae28f155181d942ed4fdd6f59d4f452cce940320

    • SHA256

      1ad6c4e0c4959acf66fec67c5c34c6e6bd034661972954f27fd9df8a07539569

    • SHA512

      799209aa6136ec71e42ef937f25d8209b66c955b25ab2031928931f19af823df26b15ed6b6d2ab098d9283e2ed964fe6f6af9e9ea6b08f5831bbab463bf589bf

    • SSDEEP

      3072:yt2IhJW9KaY3gc4AXcItYamdfduUQcJClt83p02K/5ySVF:1IzyKHaAFYtiUQaBw5ygF

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks