General

  • Target

    www.DeadSec0000000000-obfusecator.exe

  • Size

    164KB

  • Sample

    240805-wqsmfsteml

  • MD5

    22d120454dd38d7f1a3f1cd0eb497f95

  • SHA1

    4c11a082bf8e64b21310b959821a9f7324aa8107

  • SHA256

    6fda5bd63e6647c70c7f420b4145898cada9e1a8bff4fca7f6a5859b648d217c

  • SHA512

    1552101b7a22082eb69fe3485c53f595055bfc6db01ed14d4abc6f9cb9793e8ca3bc2f2448741fd8b4616f735c9f4f2e0299dc938d264103107fccbe68dc39a9

  • SSDEEP

    3072:2QpshPjBCk79JFsCN5dbTA4ZbenYm7MHdcytrkueBuG1/dhRAJiYr:2QpshPjBCuJH5d3fZbeT4KueBu4jRsr

Malware Config

Targets

    • Target

      www.DeadSec0000000000-obfusecator.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Indicator Removal: Clear Windows Event Logs

      Clear Windows Event Logs to hide the activity of an intrusion.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks