General

  • Target

    robuxgeneratorapp.zip

  • Size

    4.0MB

  • Sample

    240805-vntajawfkc

  • MD5

    8fe623e12715e8a9b97ab2c76ac1f62c

  • SHA1

    4710d10b08e3a2ec8a26d5cbed224eca6ed31da9

  • SHA256

    d8887c5112ea53ac82874ff61e512619c74f538168f912c5b07c8bc2987c7fde

  • SHA512

    c62ec10ca17bb4d86ad66fd5165c234e95598c69892fc7c7ddd263db5cf067526924cab9f2fa930a5d68c2334db7a0b3dc07a7ad47296ad8751cad7fc2bc4703

  • SSDEEP

    98304:dtlPtvBTstspkme2gHnkxUtzn/8SjFnZcIAnHW/GjlmEYFyd:djVVse1gHnHn/8IFnZcr5mEYgd

Malware Config

Targets

    • Target

      robuxgeneratorapp.exe

    • Size

      7.0MB

    • MD5

      cd7f96aa5c48273581e22aaabfc7167e

    • SHA1

      2e350a557878c59a93a1abf13b7bf2307fa21a78

    • SHA256

      acdf56cd54e954f2a876520fbb1ac715a56176a5aa0815bfa19713d8f535043b

    • SHA512

      ede9a99cd87485a0235c15afee1e63e0ecfb4c62c9a84e3cf5fe6cbe721877838c1135c0c9401432d6725b8f9ba35b7e6b41fa75d51baf96d825bc05ee654e87

    • SSDEEP

      98304:ksa9wrXfr7GposZExhblaYQ91V/BbH6bGw0EukKou1+P:ha0fr7Gr6xip1VZtw0EHKFU

    • Blocklisted process makes network request

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
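
The three host-side behaviours listed above (file attribute set to hidden, a Run key written for persistence, and a command launched through a proxy utility in the sense of MITRE T1202) are the kind of thing a practitioner wants to re-detect from sandbox or EDR telemetry. The script below is an added example written for this page, not code from tria.ge or from the report itself. It replays a few constructed, pipe-delimited event lines (the registry value name, file paths, and the forfiles.exe invocation are illustrative assumptions; the report does not publish which Run value, which file, or which proxy utility the sample used) and raises the matching signature names. The Run-key pattern, the FILE_ATTRIBUTE_HIDDEN flag value, and the proxy-binary list are general Windows facts, not facts taken from this sample.

```python
"""Replay constructed sandbox-style events and flag the behaviours the
report lists: Sets file to hidden, Adds Run key, Indirect Command Execution.

Event format (constructed for this example, not a tria.ge export format):
  REG_SET|<key path>|<value name>|<value data>
  FILE_ATTR|<path>|<attribute bitmask as hex>
  PROC|<image path>|<command line>
"""
import re
from dataclasses import dataclass

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce, with optional Wow6432Node.
RUN_KEY_RE = re.compile(
    r"^HK(?:EY_CURRENT_USER|CU|EY_LOCAL_MACHINE|LM)\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)$",
    re.IGNORECASE,
)

FILE_ATTRIBUTE_HIDDEN = 0x2  # Win32 attribute bit that hides a file in Explorer

# Built-in binaries MITRE T1202 names as indirect command execution proxies.
INDIRECT_EXEC_UTILS = {"pcalua.exe", "forfiles.exe", "conhost.exe", "scriptrunner.exe"}


@dataclass
class Hit:
    signature: str  # signature name as the report phrases it
    detail: str     # the artifact that triggered it


def parse_event(line: str):
    """Split one event line into its kind and remaining fields."""
    kind, *fields = line.rstrip("\n").split("|")
    return kind, fields


def detect(lines):
    """Return a Hit for every event matching one of the three behaviours."""
    hits = []
    for line in lines:
        kind, f = parse_event(line)
        if kind == "REG_SET" and len(f) == 3:
            key, name, data = f
            if RUN_KEY_RE.match(key):
                hits.append(Hit("Adds Run key to start application",
                                f"{key}\\{name} = {data}"))
        elif kind == "FILE_ATTR" and len(f) == 2:
            path, attrs = f
            if int(attrs, 16) & FILE_ATTRIBUTE_HIDDEN:
                hits.append(Hit("Sets file to hidden", path))
        elif kind == "PROC" and len(f) == 2:
            image, cmdline = f
            exe = image.rsplit("\\", 1)[-1].lower()
            if exe in INDIRECT_EXEC_UTILS:
                hits.append(Hit("Indirect Command Execution", cmdline))
    return hits


# Constructed events: paths, value name and command line are assumptions
# chosen to exercise each rule once, plus a benign event per rule.
SAMPLE_EVENTS = [
    "REG_SET|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    "|Updater|C:\\Users\\Admin\\AppData\\Roaming\\svc.exe",
    "REG_SET|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
    "|ShellState|01",
    "FILE_ATTR|C:\\Users\\Admin\\AppData\\Roaming\\svc.exe|0x22",
    "FILE_ATTR|C:\\Users\\Admin\\Desktop\\notes.txt|0x20",
    "PROC|C:\\Windows\\System32\\forfiles.exe"
    "|forfiles /p C:\\Windows\\System32 /m calc.exe /c \"cmd /c @path\"",
    "PROC|C:\\Windows\\System32\\notepad.exe|notepad.exe",
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"[{hit.signature}] {hit.detail}")
```

Feeding real telemetry into `detect` only requires a small adapter that maps your log schema onto the three event kinds; the rules themselves do not depend on anything specific to this sample, so the same script will also flag other samples that persist via Run keys or proxy execution through the T1202 binaries.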

MITRE ATT&CK Enterprise v15

Tasks