General

  • Target

    f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0

  • Size

    3.4MB

  • Sample

    240908-keeqnsyapc

  • MD5

    baedd7908c04418acc31854226393484

  • SHA1

    6991cb75f6ec57013df271b0e212b2c7be7fd4ae

  • SHA256

    f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0

  • SHA512

    11cd3acb55d412e1400172f619dc87272e9c5c3fd9102312edf9bf1d53e67150f520cde8a6f1f58b42091b82e2b226d98e8ac3415bdbe37a1ec8a49d94a66e94

  • SSDEEP

    49152:T9tklXMj3d0oXG76VGiqRO2IuQ8VXFysr+sd+fJvL+F+saDUN5i7p9/ybYitG8N+:JmY6M264TvIXEVyBscfxJsaDpLKUA2

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
