General

  • Target

    goodbye-chat-hello-chat.mp4

  • Size

    964KB

  • Sample

    240812-z6pghszhkj

  • MD5

    55d3d47db6fda275f15a8f0974242cb3

  • SHA1

    f50c4589953519b5ed58daaf42c9b5dce1a84e26

  • SHA256

    07a51158cd66442991065b7eb6ad87e5b9fa3838284c34e2dede0597df92db23

  • SHA512

    66dc4346281f70fa68a248a12b6b176a39af44de075fcea5b15f803c3481ec2049a88bcd0a8b43fe42d3ee911fd69f8e8ed9b9b496efe4f4ba5eec0d1431af29

  • SSDEEP

    24576:kO2zRosa5vvKKdZE9S2lommioo2rZeH+Jfr:VBvKK4zommro4Zemj

Targets

    • Target

      goodbye-chat-hello-chat.mp4

    • Downloads MZ/PE file

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
