Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    tXauTiJr.exe

  • Size

    521KB

  • Sample

    240903-hymvaa1alj

  • MD5

    464c348f1bdf66a75c6b0d51256e916c

  • SHA1

    fa7f683e451ab0a0c6c18a4dde7b9bbdde72ff27

  • SHA256

    a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85

  • SHA512

    cb07284fd3d33eef29f761fd0d044a9143b9e934eff49a625290c4da23580c1b0bb1f4cd9d5e574c698fbf791d13aa476be2a550baebb4f925ef019015710233

  • SSDEEP

    6144:8a/Z+6VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLaIZ1ZT:8a/h8w2UNiX0gEOpnHFutV5n3

Malware Config

Targets

    • Target

      tXauTiJr.exe

    • Size

      521KB

    • MD5

      464c348f1bdf66a75c6b0d51256e916c

    • SHA1

      fa7f683e451ab0a0c6c18a4dde7b9bbdde72ff27

    • SHA256

      a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85

    • SHA512

      cb07284fd3d33eef29f761fd0d044a9143b9e934eff49a625290c4da23580c1b0bb1f4cd9d5e574c698fbf791d13aa476be2a550baebb4f925ef019015710233

    • SSDEEP

      6144:8a/Z+6VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLaIZ1ZT:8a/h8w2UNiX0gEOpnHFutV5n3

    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.