Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    S500RAT.exe

  • Size

    18.0MB

  • Sample

    240715-blm6ys1ejq

  • MD5

    5b52658c4517684971de10a6b7a67c30

  • SHA1

    f0820c52617ebacaf53d8b8d97f1a42c712888bd

  • SHA256

    3ec85206a8c5d584c2cf4ab575bdd5cf4b29ed3a896032a1adc37f1c08507b31

  • SHA512

    ce96d25cfbb0d2c4addf242aa05c05909d7a883a70881df8336498b16913ec21bd64c07519eba89b2da90a05902fd7618e172a7602b985153eac09d9f226c8d6

  • SSDEEP

    393216:o/dQeve921Fkv09cHJZwGn5GkPVtGhyyepDoSYYD4WchJ2sphHJG8:o1/LFkvPHJZwGn5dChyRpchNBJG8

Score
8/10

Malware Config

Targets

    • Target

      S500RAT.exe

    • Size

      18.0MB

    • MD5

      5b52658c4517684971de10a6b7a67c30

    • SHA1

      f0820c52617ebacaf53d8b8d97f1a42c712888bd

    • SHA256

      3ec85206a8c5d584c2cf4ab575bdd5cf4b29ed3a896032a1adc37f1c08507b31

    • SHA512

      ce96d25cfbb0d2c4addf242aa05c05909d7a883a70881df8336498b16913ec21bd64c07519eba89b2da90a05902fd7618e172a7602b985153eac09d9f226c8d6

    • SSDEEP

      393216:o/dQeve921Fkv09cHJZwGn5GkPVtGhyyepDoSYYD4WchJ2sphHJG8:o1/LFkvPHJZwGn5dChyRpchNBJG8

    Score
    8/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks