General

  • Target

    51a88b3ddca9383fb41774f44e1263f0N.exe

  • Size

    1.1MB

  • Sample

    240820-z6k44axflp

  • MD5

    51a88b3ddca9383fb41774f44e1263f0

  • SHA1

    f364ae968f3559a936126362d867d3615a20d8dd

  • SHA256

    eb752c61cfac892e83a69aad91eef9e9d03a67db225deed68c199fef293700f1

  • SHA512

    4c3140fd3b1046d8ae4d94862515dc978e9fa1e1108f2173927b50fff1a593632efa49afce02001740ee01956f926a0734261544c7dad5f2848b1cff35ff7502

  • SSDEEP

    6144:gL0RQ3YYWEowc1F0G0/VSyfdH75Q+mUTK:gL0RQ3YYWEodmGwH575Z

Malware Config

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

    • Power Settings

      powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks