General

  • Target

    0817a7d1a7d34d79e6445bbc319df3d0N.exe

  • Size

    284KB

  • Sample

    240903-aqtc4a1gkr

  • MD5

    0817a7d1a7d34d79e6445bbc319df3d0

  • SHA1

    62d3084442cd86e3e6ce9e4ebecf1489cf757025

  • SHA256

    536e9d0bcfcc8c949c3e6a6b85725603878e917bf783a2ce9ccc5e231fbba33b

  • SHA512

    bcd712b60dda33ec09f87af33da5e36197d37a0f8893a2f395d1545c7f945ad4a86ba6f601ae253afb17383cbfcd01419642f6a7e4ed06037079d4f73f9a3b7e

  • SSDEEP

    3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC/:mPA6wxmuJspr2lo

Malware Config

Targets

    • Target

      0817a7d1a7d34d79e6445bbc319df3d0N.exe

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk and drive information is often read to detect sandbox environments.

    • Suspicious use of SetThreadContext
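The "UPX packed file" signature above rests on a small number of PE traits. The following Python script is an added example, not Triage's own detection logic, that checks those traits with nothing but `struct`: UPX-style section names (UPX0/UPX1), the `UPX!` marker that stock UPX writes after the section table, and the structural layout that survives even when a modified build renames the sections and strips the marker (an empty-on-disk first section that the stub unpacks into, with the entry point in a later section). The three sample files are constructed minimal PE32 headers built inline for the demonstration; they are not the report's sample.

```python
"""Heuristic UPX check on PE section headers (added example, not Triage code)."""
from __future__ import annotations
import struct

UPX_MARKER = b"UPX!"  # written by stock UPX just past the section table


def parse_sections(data: bytes) -> tuple[int, list[dict]]:
    """Return (AddressOfEntryPoint, section headers) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24                                      # optional header
    if struct.unpack_from("<H", data, opt_off)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]    # same offset for PE32/PE32+
    sections = []
    for i in range(num_sections):
        off = opt_off + opt_size + 40 * i
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize, "rptr": rptr})
    return entry, sections


def check_upx(data: bytes) -> dict:
    """Classify a PE as 'upx', 'upx-modified' or 'none' from header traits."""
    entry, secs = parse_sections(data)
    named = any(s["name"].upper().startswith(b"UPX") for s in secs)
    marker = UPX_MARKER in data
    # Structural trait: the first section is empty on disk but large in memory
    # (the unpack destination) and the entry point lives in a later section
    # (the decompression stub). Renaming sections does not hide this.
    hollow_first = bool(secs) and secs[0]["rsize"] == 0 and secs[0]["vsize"] > 0

    def holds(s: dict, rva: int) -> bool:
        return s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"])

    entry_sec = next((s for s in secs if holds(s, entry)), None)
    structural = hollow_first and entry_sec is not None and entry_sec is not secs[0]
    verdict = "upx" if (named or marker) else "upx-modified" if structural else "none"
    return {"verdict": verdict, "upx_section_names": named, "upx_marker": marker,
            "hollow_first_section": hollow_first,
            "entry_section": entry_sec["name"].decode(errors="replace") if entry_sec else None}


def build_pe(sections: list[tuple], entry_rva: int, with_marker: bool) -> bytes:
    """Constructed minimal PE32 header for testing (not a real binary)."""
    opt_size = 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0)
                     for n, vs, va, rs, rp in sections)
    blob = dos + coff + opt + table
    return blob + (b"\0" * 8 + UPX_MARKER + b"\0" * 8 if with_marker else b"")


# Constructed sample layouts: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
SAMPLES = {
    "stock_upx": build_pe([(b"UPX0", 0x1F000, 0x1000, 0, 0),
                           (b"UPX1", 0xB000, 0x20000, 0xA800, 0x400),
                           (b".rsrc", 0x1000, 0x2B000, 0x600, 0xAC00)], 0x2A900, True),
    "renamed_upx": build_pe([(b".text", 0x1F000, 0x1000, 0, 0),
                             (b".data", 0xB000, 0x20000, 0xA800, 0x400),
                             (b".rsrc", 0x1000, 0x2B000, 0x600, 0xAC00)], 0x2A900, False),
    "plain": build_pe([(b".text", 0x5000, 0x1000, 0x5000, 0x400),
                       (b".data", 0x1000, 0x6000, 0x200, 0x5400)], 0x1100, False),
}


def scan_samples() -> dict[str, str]:
    return {name: check_upx(blob)["verdict"] for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name}: {verdict}")
```

For a real file, pass `open(path, "rb").read()` to `check_upx`. The structural test is deliberately a heuristic: other packers also leave a hollow first section, so treat "upx-modified" as a reason to try `upx -d` and to look at the stub, not as proof of the packer.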

MITRE ATT&CK Enterprise v15

Tasks