Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RedHatSpoofer1.3.exe
-
Size
41KB
-
Sample
240829-vswlfssdmg
-
MD5
2560647cbaa999dc4b59151bbfb32e6a
-
SHA1
5789816befd9539270ff17d1d4fe13a350d6fb54
-
SHA256
b61f4de3bad56c3cb9fe365b98f428b24afa3a103c9f830b2d5aa50efb904c6b
-
SHA512
20f0e8742e69e01240e414a2cc6021b555b7bad309180aca74f81ba22e614119b90450d8d670f4c905dec9d439ddcb77bbaf6db141b15adf7f4e5c2e60dbef88
-
SSDEEP
768:cXfQNjweRKuvHWVcxmXOnhTYXu+Rsrl9PweAebQB6SYyvrjljle:cXfQNouvH+cjnhTYX9Cl99Qodynple
Static task
static1
Behavioral task
behavioral1
Sample
RedHatSpoofer1.3.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
RedHatSpoofer1.3.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
RedHatSpoofer1.3.exe
-
Size
41KB
-
MD5
2560647cbaa999dc4b59151bbfb32e6a
-
SHA1
5789816befd9539270ff17d1d4fe13a350d6fb54
-
SHA256
b61f4de3bad56c3cb9fe365b98f428b24afa3a103c9f830b2d5aa50efb904c6b
-
SHA512
20f0e8742e69e01240e414a2cc6021b555b7bad309180aca74f81ba22e614119b90450d8d670f4c905dec9d439ddcb77bbaf6db141b15adf7f4e5c2e60dbef88
-
SSDEEP
768:cXfQNjweRKuvHWVcxmXOnhTYXu+Rsrl9PweAebQB6SYyvrjljle:cXfQNouvH+cjnhTYX9Cl99Qodynple
Score8/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1