General

  • Target

    4d504bb989d53d0ac69b06091c2f8d573551dbd66e8823be4d7b52971d0b40fb

  • Size

    2.6MB

  • Sample

    240811-lybzkavbql

  • MD5

    6d49594b78319443f5dd4b9fafddd353

  • SHA1

    21fa69cafdc1dfcd1c23cedbd036769e6d60740f

  • SHA256

    4d504bb989d53d0ac69b06091c2f8d573551dbd66e8823be4d7b52971d0b40fb

  • SHA512

    be50969f7b2149283557d37d67cf6a75654610f506726c612dde781bd4cae36ba5166fe55e87df398992318ae0486f8773eb79cab4a679e822c7142b843d9129

  • SSDEEP

    49152:f88YbbMB3dGaQxtrhqdAH/DcVfgikTFAYgYRgr5m7ff+jI7/SMH7Bdc:fTUG3dGvnqOfoJWAYgYAY2k7dtdc

Score
7/10

Malware Config

Targets

    • Target

      Infatica P2B/infatica_agent.exe

    • Size

      3.5MB

    • MD5

      9012ee01a6f382cded63a3184d504bed

    • SHA1

      d6f899531a38f0837d995f0acbc5e1538f69236e

    • SHA256

      4f966328f131988979eb1401e9ef512836b35e79502877e00566a261b58409cb

    • SHA512

      b77d368f3ee2dba23d5742ed0059bb308d1efb08836a7fbd9a310f9771c17797937b81fb57c230531ca22543e82ac0174b6a5876916050c1011f5878b7d325b4

    • SSDEEP

      49152:XRs2r1IKqvQtRWme4s5LVc/fp18n5Igsxjq2iOIr+3r4ArUZ8:hs2SpyEme4fOTwq2iOLkQm8

    Score
    3/10
    • Target

      Infatica P2B/unins000.exe

    • Size

      1.1MB

    • MD5

      0c083266eec7437ba0dfe44e451ab71f

    • SHA1

      4754cda6c84cea49c6a1f0d79b2c42958de2c7e9

    • SHA256

      d2dcf7ed0c656532ed25cd496ac237223985bb56cb688f125cbbf940ddb9c6bb

    • SHA512

      08c7140b707f78d1203f5cf21bf55dab32a63f71cf8c530af4afcfaf5a42f9431a09794708d57102d065955b1e296dab979855579e445bfdfbf649f75ce3ce22

    • SSDEEP

      24576:JtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxytj:3qTytRFk6ek1Lo

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
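The two behavioural signatures above (a registry read of the configured country and a request to a public IP-echo service) are the kind of low-weight indicators worth re-checking by hand when a report scores 7/10 on an installer. The following Python helper is an added example, not part of this Triage report and not Hatching's own signature logic: it replays both checks over a constructed sandbox event log. The registry key names, the IP-lookup hostnames, the event-line format and the `SUSPECT_EVENTS`/`BENIGN_EVENTS` logs are all assumptions; the report names neither the key the sample read nor the service it contacted.

```python
import re
from dataclasses import dataclass, field

# Registry values Windows uses for the configured location and locale.
# Assumption: a geofence check reads one of these; the report only says
# "looks up country code configured in the registry" and names no key.
GEO_KEY_PATTERNS = [
    re.compile(r"control panel\\international\\geo\\nation$", re.I),
    re.compile(r"control panel\\international\\localename$", re.I),
    re.compile(r"control\\nls\\language\\installlanguage$", re.I),
]

# Public IP-echo services commonly used to learn the victim's external IP.
# Assumption: the report does not say which service this sample contacted.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "ipinfo.io",
    "icanhazip.com", "checkip.amazonaws.com",
}

# Constructed event format: "<pid> RegQueryValue <full key path>" and
# "<pid> HTTP <METHOD> <url>". Real sandboxes emit richer records.
REG_LINE = re.compile(r"^(?P<pid>\d+)\s+RegQueryValue\s+(?P<path>.+?)\s*$")
HTTP_LINE = re.compile(
    r"^(?P<pid>\d+)\s+HTTP\s+(?P<method>[A-Z]+)\s+https?://(?P<host>[^/\s:]+)"
)


@dataclass
class Verdict:
    checks_location: bool = False
    external_ip_lookup: bool = False
    evidence: list = field(default_factory=list)


def triage_events(lines):
    """Apply the two signatures to a list of event lines and return a Verdict."""
    verdict = Verdict()
    for raw in lines:
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            path = m.group("path")
            if any(p.search(path) for p in GEO_KEY_PATTERNS):
                verdict.checks_location = True
                verdict.evidence.append(("checks_location", path))
            continue
        m = HTTP_LINE.match(line)
        if m:
            host = m.group("host").lower()
            if host in IP_LOOKUP_HOSTS:
                verdict.external_ip_lookup = True
                verdict.evidence.append(("external_ip_lookup", host))
    return verdict


# Constructed sample log, modelled on the behaviours the report lists.
SUSPECT_EVENTS = [
    "2716 RegQueryValue HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "2716 RegQueryValue HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "2716 HTTP GET http://ip-api.com/json/",
    "2716 HTTP GET https://update.example.invalid/manifest",
]

# Constructed benign-looking log: ordinary registry reads, no IP-echo call.
BENIGN_EVENTS = [
    "1044 RegQueryValue HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
    "1044 HTTP GET https://update.example.invalid/manifest",
]

if __name__ == "__main__":
    for name, events in (("suspect", SUSPECT_EVENTS), ("benign", BENIGN_EVENTS)):
        v = triage_events(events)
        print(name, v.checks_location, v.external_ip_lookup, v.evidence)
```

Treat either hit on its own as weak: `unins000.exe` is the standard Inno Setup uninstaller filename, and installers and uninstallers routinely read locale values for UI language, so the location read only becomes interesting when it co-occurs with the external-IP lookup and the self-deletion the report also lists. The evidence list is kept so an analyst can see which key and which host fired rather than just a boolean.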

MITRE ATT&CK Enterprise v15

Tasks