
Resubmissions

  • 14/08/2024, 15:44: 240814-s6jgyazgqb (score 10)
  • 14/08/2024, 15:10: 240814-sj92datfkm (score 10)

General

  • Target: idapro.exe
  • Size: 327KB
  • Sample: 240814-s6jgyazgqb
  • MD5: 0ed74836af595a75d959e703e98f3735
  • SHA1: f48fe1347528b1bcc210a90c60e93300ddfb1c31
  • SHA256: 3b14f10b8cd5c55d405785829bf2e8e4917fe1ac432ec0a376b2b4621314686c
  • SHA512: dd5bb6e6c2674b8b2de6b22c0f7cc051303592d0fd50e14c8452988646760c907c9650e5b7ab594027e01faa9216f2b865b5ab015f34d92e62d51373f8152fbe
  • SSDEEP: 6144:UsLqdufVUNDa+anxutqrmxBpwrWlTKh4Qffn2n:PFUNDa+axuS+waZ84

Malware Config

Targets

    • Target: idapro.exe
    • Size: 327KB

    • Modifies visibility of hidden/system files in Explorer
    • Downloads MZ/PE file
    • ASPack v2.12-2.42: detects executables packed with ASPack v2.12-2.42
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Legitimate hosting services abused for malware hosting/C2
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks