General

  • Target

    7a8d5dc583ec98d3944ccf35d7fb4848b57e3dcce5317b6df410e19812534e03

  • Size

    443KB

  • Sample

    240817-ba9kta1dll

  • MD5

    b1db800bb3ad5885ce6abdb7a41153c1

  • SHA1

    50e0d36c311343fa511956697962a1b13416e777

  • SHA256

    7a8d5dc583ec98d3944ccf35d7fb4848b57e3dcce5317b6df410e19812534e03

  • SHA512

    a3fd3cfdaed748e102e8d70fff7cf9916cb266917ae655782bc1f17df81ea3001b398b349990b2d06846a5267f1045d4013c8b235318d15409b3296eb43ba02c

  • SSDEEP

    6144:GfweR7gpANB0sv2YYuwfDoOPV1x0GwYpkxeRhLTQfoSeV:Y1R7gpAwsuvDNP/xyqkxeTLTQfoSeV

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified version of it.
