General

  • Target

    2024-07-30_8fe90853aecc84d7ea2595910c0ff323_darkside

  • Size

    159KB

  • Sample

    240730-jav2esvelq

  • MD5

    8fe90853aecc84d7ea2595910c0ff323

  • SHA1

    f005b72d83bc292fad91b76bb5a82301d5a5b7a4

  • SHA256

    01c81cc29fc455796042061fac08cca5a0f46b7c84c6ad84bb237cb13e29a6f6

  • SHA512

    1ee220c70aedf1d13b6e62507ec18575fbe4179a462779f7f0ac7907d22d1b35a2ab67cd2a03f236dfd8886347970f03b3d7588dffd786e0033bb00118524207

  • SSDEEP

    3072:NuJ9OlKolUa1U197bzhVsmftsR1dH4d1uza8aW3Brd:Nufj0zi1dNVsmftIl4YHbd

Targets

    • Target

      2024-07-30_8fe90853aecc84d7ea2595910c0ff323_darkside

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger
