General

  • Target

    Bootstrapper.zip

  • Size

    4.8MB

  • Sample

    240901-xhw6cazckb

  • MD5

    72febed8586b32584c0ffc37ff6f571c

  • SHA1

    186288c20c8b8881aa1af9be424821cacbea46f7

  • SHA256

    43d7d31f381753d5e4335a10e9b068f2454536b606520ab4432b3c87528c2f82

  • SHA512

    75b6143dc0ddcc93922da21f1afdcc15763f58160da40e1c4820bb5ca98e23cb8849535a275f15735a5b254b997ee6e530c6f23a9cd23ac5935ebebcd71d9632

  • SSDEEP

    98304:0NXp/PGPMFO22KAB9homBja0BYpC6Ij6j381dWjmEdrsUvDVAWpubhxg0BZUZ4b:IVPGPMY3namBhXfCsgL6ULVvkTg0oY

Malware Config

Targets

    • Target

      Bootstrapper.exe

    • Size

      5.9MB

    • MD5

      3b1001b7fbc3df8979b738fe0e6b2e94

    • SHA1

      38e286d6537a5dfc8f6d780f6855619fef2c8a75

    • SHA256

      f6b7bbef0c8a6061563078824052551b1cd7a558f22d06cd427889c0088fe498

    • SHA512

      da96b03811b507e6a851c7a6870e9fa383a1850d0090fd7766be65d341d434e80003c1c95b2ef582462466f46f4c6074d466ef5926caa6a654d5a3581f912886

    • SSDEEP

      98304:wyTvgk+d41nz7yiiIqFmX9//u4iYrVYtgkrEm/srjft6xU0ejqIam1mjp0AF:NTgnd8nnybIqFs9SYrVYaaE3tT09m1QB

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that dropped payloads are not scanned.

    • Creates new service(s)

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Power Settings

      powercfg controls the configurable power settings on a Windows system; it can be abused to keep an infected host from sleeping, hibernating or locking, which keeps a miner running without interruption.
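The behaviours flagged above (Defender exclusions via PowerShell, encoded-command obfuscation, service creation and stopping, the registry geofence lookup, and powercfg tampering) can be matched from process-creation command lines. The script below is an added example and is not code from tria.ge or from the sample; the command lines are constructed for illustration, the parent/PID values are invented, and the registry path used for the location check (`HKCU\Control Panel\International\Geo`) is an assumption about where the sample reads the country code. It decodes PowerShell `-EncodedCommand` payloads (base64 of UTF-16LE) before matching so an obfuscated exclusion command is still caught.

```python
"""Behaviour rules, in the style of the tria.ge signatures above, applied to
constructed process-creation events. Added example, not report code."""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int        # invented process id
    parent: str     # invented parent image name
    cmdline: str    # constructed command line


# Signature name (as tria.ge labels it) and the regex applied to the
# normalised command line.
RULES = [
    ("Command and Scripting Interpreter: PowerShell",
     re.compile(r"Add-MpPreference\b.*-Exclusion(?:Path|Extension|Process)\b", re.I)),
    ("Power Settings",
     # /x is the documented alias of /change; -h off disables hibernation.
     re.compile(r"\bpowercfg(?:\.exe)?\b.*(?:/x|-change|-standby-timeout|"
                r"-hibernate-timeout|-monitor-timeout|-h\s+off)", re.I)),
    ("Creates new service(s)",
     re.compile(r"\bsc(?:\.exe)?\s+create\b|\bNew-Service\b", re.I)),
    ("Stops running service(s)",
     re.compile(r"\bsc(?:\.exe)?\s+stop\b|\bnet(?:\.exe)?\s+stop\b|\bStop-Service\b", re.I)),
    ("Checks computer location settings",
     # Assumed registry location of the configured country (GeoID).
     re.compile(r"Control Panel\\International\\Geo", re.I)),
]

# PowerShell -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENC_RE = re.compile(r"(?:-|/)e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def normalise(cmdline: str) -> tuple[str, bool]:
    """Replace an -EncodedCommand blob with its decoded UTF-16LE script so the
    rules see the real command. Returns (effective command line, was_encoded)."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline, False
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline, False
    return cmdline[:m.start()] + decoded, True


def match_event(ev: ProcEvent) -> list[str]:
    """Return the names of every signature the event's command line triggers."""
    cmd, encoded = normalise(ev.cmdline)
    hits = [name for name, rx in RULES if rx.search(cmd)]
    if encoded:
        hits.append("Obfuscated Files or Information: Command Obfuscation")
    return hits


def run(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map pid -> triggered signatures, omitting events that trigger none."""
    return {ev.pid: hits for ev in events if (hits := match_event(ev))}


# Constructed: the Defender-exclusion command as the dropper might pass it,
# base64-encoded from UTF-16LE exactly as PowerShell expects.
ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionPath "C:\\ProgramData\\svc" '
    '-ExclusionProcess svchost.exe'.encode("utf-16-le")
).decode()

# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = [
    ProcEvent(1204, "explorer.exe", r'"C:\Users\user\Desktop\Bootstrapper.exe"'),
    ProcEvent(1388, "Bootstrapper.exe",
              f"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand {ENCODED}"),
    ProcEvent(1410, "Bootstrapper.exe",
              "cmd.exe /c powercfg /x -standby-timeout-ac 0 & powercfg -h off"),
    ProcEvent(1422, "Bootstrapper.exe",
              r'sc.exe create "WinSvcHost" binPath= "C:\ProgramData\svc\winlogon.exe" start= auto'),
    ProcEvent(1430, "Bootstrapper.exe", "sc.exe stop wuauserv"),
    ProcEvent(1444, "Bootstrapper.exe",
              r'reg.exe query "HKCU\Control Panel\International\Geo" /v Nation'),
    ProcEvent(1500, "explorer.exe", "notepad.exe readme.txt"),
]

if __name__ == "__main__":
    for pid, hits in run(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(hits))
```

Decoding before matching is the point: a rule that only looks for the literal string `Add-MpPreference` misses the encoded form, while the decoder above surfaces it and additionally labels the event as command obfuscation. The benign `explorer.exe` children produce no hits.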

MITRE ATT&CK Enterprise v15

Tasks