General

  • Target

    2024-09-05_88e5f7fcb3a6b6f2ebb54bbdaae394e5_icedid_jrat_sakula

  • Size

    21.3MB

  • Sample

    240905-vznjeswglb

  • MD5

    88e5f7fcb3a6b6f2ebb54bbdaae394e5

  • SHA1

    a1797481b116c8f9d6dbf72b538ec200528a0aa4

  • SHA256

    db12041535a38a59fc09b85f67302cbc9859b0f444c5fa677bcfd4f4f3b8e303

  • SHA512

    c8de757766df4c27f092320f07906886cb3a4e39eea82f9da5abcf0f9555c8eaa9e3c333321e5738066368584c5c2b75528b27bd92a08f833b2c05b0d3ae1aad

  • SSDEEP

    196608:w1zsKFJndotUVMbUJfF7PD2pbJ6VszmYN8jqqw8o3BNYtRlR:WPFJm6VorNk28o3gtRj

Malware Config

Targets

    • Target

      2024-09-05_88e5f7fcb3a6b6f2ebb54bbdaae394e5_icedid_jrat_sakula

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks