Resubmissions

22/09/2024, 16:17

240922-trp7lsyclh 10

22/09/2024, 16:16

240922-tqzpnaycjc 10

General

  • Target

    multi tool.rar

  • Size

    49.4MB

  • Sample

    240922-trp7lsyclh

  • MD5

    ca8f8a01840deee4c91e72bddd162375

  • SHA1

    6edb1e425f21a800631d4bff5b7713de97aa4b61

  • SHA256

    2475057e86ae6b275f649474564115858530b0d0d556b10e678af48151c1b683

  • SHA512

    144732103cef741f79f98b509bfbca7ab5fb2c81e27216cf7c7a36a8d87b5fd6c11109db9846ca7da751663a1d3be84348263a6ca7298abedd5bb44f00167251

  • SSDEEP

    1572864:aqay71Cws3VEdxszS5qay71Cws3VEdxszSs:ha0VslKCa0VslKC

Malware Config

Targets

    • Target

      evonic/dont open/main.exe

    • Size

      24.9MB

    • MD5

      98850511624ea2618505ac15dd6abfe2

    • SHA1

      77a89d4a78b8bf9cd21041977dc409bbac57a214

    • SHA256

      7cb42859aacffc0604eee57e6c36ebc171bea77ab3d34bac03da28766e5e6045

    • SHA512

      9e2a6a208db5b204db4ebd3b190ccc214a4de74460815a0839b2e2fbe9907dba7354ae6ca2c1b2bce005607382a983ada1c721b31e1b1c8c0a42a737f72ae58c

    • SSDEEP

      393216:uqPnLFXlrt3c1kQZq7oBDOETgs77cGRLgRGhpMpve+rK6x/qvs:jPLFXNt3GkQZq7PE7X2GoYwxV

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      evonic/dont open/main2.exe

    • Size

      24.9MB

    • MD5

      98850511624ea2618505ac15dd6abfe2

    • SHA1

      77a89d4a78b8bf9cd21041977dc409bbac57a214

    • SHA256

      7cb42859aacffc0604eee57e6c36ebc171bea77ab3d34bac03da28766e5e6045

    • SHA512

      9e2a6a208db5b204db4ebd3b190ccc214a4de74460815a0839b2e2fbe9907dba7354ae6ca2c1b2bce005607382a983ada1c721b31e1b1c8c0a42a737f72ae58c

    • SSDEEP

      393216:uqPnLFXlrt3c1kQZq7oBDOETgs77cGRLgRGhpMpve+rK6x/qvs:jPLFXNt3GkQZq7PE7X2GoYwxV

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      evonic/run__.bat

    • Size

      3KB

    • MD5

      8720f9334084026be87258c48d3beefc

    • SHA1

      6734688e37073655662271ca0546df27652ce6ab

    • SHA256

      d4b8e7707c3cab1010b38627a3ca2e4196c405a184c69e5a46082c451e8284fc

    • SHA512

      e52d89800e31ca55d238331878c01d566499a30e15d85140e64bc1162426b92305ba896713302a93450fbc0a5a682f6a9b1a87d01004de90f782c311f6d34759

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks