General

  • Target: 9dab5d9e5caca6691c053d12ef8cb0b2b935fd990133fcc8141d70dbd6ca9344
  • Size: 3.5MB
  • Sample: 240805-sada2stbmd
  • MD5: eed580e4933eb1887391ba9739eb0746
  • SHA1: 92c3e92634320dfec6fa19349c5ee65c65a16394
  • SHA256: 9dab5d9e5caca6691c053d12ef8cb0b2b935fd990133fcc8141d70dbd6ca9344
  • SHA512: 4bf460a2706b6c1be51d79d72b9bfe3e9686964dc9f337587a3850d1274d8eb33a899504e2a2781803dd0c655eafddada9689b6caea1563471d1d55586ec2fca
  • SSDEEP: 49152:NDJ01sN3amEi/yCzfy3p5J3g2TYIAW3JmSqW7GPGokvqC:NDJ01lily55Jz2bnW7+j

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Probable phishing domain

MITRE ATT&CK Enterprise v15

Tasks