Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
robuxgeneratorapp.zip
-
Size
4.0MB
-
Sample
240805-vntajawfkc
-
MD5
8fe623e12715e8a9b97ab2c76ac1f62c
-
SHA1
4710d10b08e3a2ec8a26d5cbed224eca6ed31da9
-
SHA256
d8887c5112ea53ac82874ff61e512619c74f538168f912c5b07c8bc2987c7fde
-
SHA512
c62ec10ca17bb4d86ad66fd5165c234e95598c69892fc7c7ddd263db5cf067526924cab9f2fa930a5d68c2334db7a0b3dc07a7ad47296ad8751cad7fc2bc4703
-
SSDEEP
98304:dtlPtvBTstspkme2gHnkxUtzn/8SjFnZcIAnHW/GjlmEYFyd:djVVse1gHnHn/8IFnZcr5mEYgd
Malware Config
Targets
-
-
Target
robuxgeneratorapp.exe
-
Size
7.0MB
-
MD5
cd7f96aa5c48273581e22aaabfc7167e
-
SHA1
2e350a557878c59a93a1abf13b7bf2307fa21a78
-
SHA256
acdf56cd54e954f2a876520fbb1ac715a56176a5aa0815bfa19713d8f535043b
-
SHA512
ede9a99cd87485a0235c15afee1e63e0ecfb4c62c9a84e3cf5fe6cbe721877838c1135c0c9401432d6725b8f9ba35b7e6b41fa75d51baf96d825bc05ee654e87
-
SSDEEP
98304:ksa9wrXfr7GposZExhblaYQ91V/BbH6bGw0EukKou1+P:ha0fr7Gr6xip1VZtw0EHKFU
Score8/10-
Blocklisted process makes network request
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Indirect Command Execution
1Modify Registry
1