
General

  • Target: Posible_phish2.msg
  • Size: 74KB
  • Sample: 240806-yfh2dascka
  • MD5: 9aaaef2ad7e5ac10800260768d1e7b73
  • SHA1: 3197b5bacd5d2ee1b3bd0dfc85d72587be3db67f
  • SHA256: 45690eb3c123c36b7ab89e31b8d1a36c5862b57f782904cada4dec8b980d02af
  • SHA512: b374c0a2378b32e91a7bf7a29054f1859a25a27ca5ac1bed9f2b6819d628faec842ab130e3cac4215ed998221ff64ebe90e1a223cfbea6f466829c15282559ba
  • SSDEEP: 1536:omi6QU+pCxHWzfGh7+46qqm2WdWe2B1WLcw8buAG:omipU32B1WLcwWu

Malware Config

Targets

    • Target: Inv-219538.html
    • Size: 1KB
    • MD5: d2c58680078d63f3e37c529ab6a25e14
    • SHA1: dd281da25eaac82c264a18b07aca1a431f3cafa8
    • SHA256: 469bee8515910670d8fc028bf9cc575036f000bf5d49a90e0245c1bebcaebd53
    • SHA512: ead1dda7469a4a0faa6abfcf73d4ef2ba2a79b2222f258b1c0676d948c873e3c3516f4da834a3b138ffc516b73e4d61e0e7b7ec1e8eef9b61997cd64a3012575
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • System Binary Proxy Execution: Verclsid
      Adversaries may abuse Verclsid to proxy execution of malicious code.
    • Detected potential entity reuse from brand Microsoft.

MITRE ATT&CK Enterprise v15

Tasks