General

  • Target

    vanta.py

  • Size

    73KB

  • Sample

    240903-2yl3jazbpk

  • MD5

    5794e56a34e5b59f7c0e67d0058ca697

  • SHA1

    d0e41e977493589c35a5075f214c9f1b69cd7d9b

  • SHA256

    c79d1c897cf094c2ec43c9a76ebc7139c8ec7ac95775bf0c392116c754847562

  • SHA512

    63e7f7855108fc4da72854985cde3b321368e47ec2edeb0775dfb9e5464e01254c5622c0cf6657426319a938d67ae5418ecfba8d141e20ea8b2e9afb0eaa9bc9

  • SSDEEP

    1536:vPrFTlCF3DhoUfVYo85GzCOr8nIVqd3ua93:vTQqU9RzCC8nTd3ua93

Malware Config

Targets

    • Target

      vanta.py

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
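
The signature list above can be read as rules over an ordered sandbox event trace. The block below is an added example of that idea, written for this page; it is not tria.ge's signature engine and not code from the sample. The `Event` format, the registry paths each rule keys on, the hosting-domain list, the placeholder CLSID and the whole `SAMPLE_TRACE` are assumptions constructed for the illustration.

```python
# Added example: toy re-implementation of the behavioural signatures listed in
# the report, run over a constructed event trace. Not tria.ge's engine and not
# the sample's code; the Event format, registry paths, hosting-domain list and
# the trace itself are assumptions.
import re
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import urlparse


@dataclass(frozen=True)
class Event:
    kind: str            # reg_read | reg_write | file_write | net_download | process_create | image_load
    target: str          # registry key, file path or URL
    data: bytes = b""    # payload for file_write / net_download events


# Registry locations assumed to back each signature (assumption, not from the report).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# A per-user CLSID server registration shadows the machine-wide one: the classic COM hijack.
COM_SERVER_KEY = re.compile(
    r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-F-]{36}\}\\(InprocServer32|LocalServer32)", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)
# Assumed list of legitimate services commonly abused as payload hosts.
HOSTING_DOMAINS = ("discordapp.com", "discord.com", "github.com", "githubusercontent.com", "pastebin.com")


def is_pe(data: bytes) -> bool:
    """MZ magic plus an e_lfanew that points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def minimal_pe_stub() -> bytes:
    """Smallest byte string is_pe() accepts (constructed test payload, not a real binary)."""
    hdr = bytearray(0x44)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


def _abused_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in HOSTING_DOMAINS)


def classify(events: Iterable[Event]) -> set[str]:
    """Return the set of signature names triggered by an ordered event trace."""
    hits: set[str] = set()
    dropped: set[str] = set()   # files the sample wrote, for the 'dropped' correlations
    for ev in events:
        path = ev.target.lower()
        if ev.kind == "reg_read":
            if GEO_KEY.search(ev.target):
                hits.add("Checks computer location settings")
            if UNINSTALL_KEY.search(ev.target):
                hits.add("Checks installed software on the system")
        elif ev.kind == "reg_write" and COM_SERVER_KEY.match(ev.target):
            hits.add("Event Triggered Execution: Component Object Model Hijacking")
        elif ev.kind == "file_write":
            dropped.add(path)
            if SYSTEM32.match(ev.target):
                hits.add("Drops file in System32 directory")
        elif ev.kind == "net_download":
            if is_pe(ev.data):
                hits.add("Downloads MZ/PE file")
            if _abused_host(ev.target):
                hits.add("Legitimate hosting services abused for malware hosting/C2")
        elif ev.kind == "process_create" and path in dropped and path.endswith(".exe"):
            hits.add("Executes dropped EXE")
        elif ev.kind == "image_load" and path in dropped and path.endswith(".dll"):
            hits.add("Loads dropped DLL")
    return hits


# Constructed trace that exercises every rule; paths, URL and CLSID are placeholders.
SAMPLE_TRACE = [
    Event("reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"),
    Event("net_download", "https://cdn.discordapp.com/attachments/0/0/stage2.bin", minimal_pe_stub()),
    Event("file_write", r"C:\Users\Public\stage2.exe", minimal_pe_stub()),
    Event("process_create", r"C:\Users\Public\stage2.exe"),
    Event("file_write", r"C:\Windows\System32\helper.dll"),
    Event("image_load", r"C:\Windows\System32\helper.dll"),
    Event("reg_write", r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32"),
]

if __name__ == "__main__":
    for name in sorted(classify(SAMPLE_TRACE)):
        print(name)
```

Two details carry most of the value: the `dropped` set is what separates "Executes dropped EXE" and "Loads dropped DLL" from ordinary process creation and image loads, and `is_pe` follows `e_lfanew` to the `PE\0\0` signature instead of trusting a bare `MZ` prefix, so a text file that happens to start with those two bytes is not counted as a downloaded executable.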

MITRE ATT&CK Enterprise v15