General

  • Target

    Lobotomz.exe

  • Size

    438KB

  • Sample

    240921-yp19bazgpb

  • MD5

    f713bc9b842e94a0712a0dc0f3a58cce

  • SHA1

    d5c2dc86593248eac098a27e9c3ba6350f46a6fb

  • SHA256

    337839269a3be5d60e52de93be53f93cab86a88cb6b331ab0d1322b32e17d83b

  • SHA512

    c4cef32f25527a984ac613b174bcba2996795526c328e00003977e090551f0accb2aef37838e75a474d92f760b97223324bab8bb0bf177d856d4d3b449d3099b

  • SSDEEP

    1536:N1PbVOwHQGMoivnfOv7SzMFEIePmtu/Et7v1tEYMHGWpUrrWoOTJfuVmyLUQ7wVY:N1PbVvxeeMstW4rqDu7qY

Malware Config

Targets

    • Target

      Lobotomz.exe

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Modifies system executable filetype association

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks