General

  • Target

    30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9

  • Size

    6.4MB

  • Sample

    240913-htcths1apa

  • MD5

    dcbdd831f36abea3aa671235d45d8617

  • SHA1

    def917bf8c8fef22dc701af46a8157c6e3aa6114

  • SHA256

    30d4ef807af7d8e8791aeb8f4eeea499a9ab0d961492dc97cbbd1d46c1ff1db9

  • SHA512

    e830e00f1bcb038d771cd3f5a78157500b0d33d964433611dd5f25e32240de887d7f5cdb2cfcdb8496fbf0c09dcdc91ba93023a0fb8cfb867eed289db8dc0bad

  • SSDEEP

    98304:BxMsFme9BLT2nmYQNwlt9lQoVf2B3eoh7whgBiux19C1B5BaL7HRJPfaL:B2aBLqnmY8wjpUO8gYx19YTq7HLK

Targets

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
