General

  • Target

    2024-08-20_24e84ed22723fd8b41fb2d712672c86c_poet-rat_sliver_snatch

  • Size

    20.2MB

  • Sample

    240820-ar7xwaxhnm

  • MD5

    24e84ed22723fd8b41fb2d712672c86c

  • SHA1

    8bd9a7801c728fd4f9d21e81aef3d73444cdf1a6

  • SHA256

    6dcb6e129c00e4c66221c2ddc8281f52f754e45ed4fa607a9519c9979b4fb7d4

  • SHA512

    62e999ce24d14ad6c2f3abd619dc80481773c3b60850a0241e6187995d0a67e7f74690098372e0d4aa32ccdf3f6d7458441bc0e245d32adc93517be855d0f4c1

  • SSDEEP

    196608:W2I9nkWvC0jNL4vnUFEYwEcPdpjS5E6CYaBja:W2IdHCw4v9kAdpjy6a

Targets

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15
