Resubmissions

25/09/2024, 17:58

240925-wkcztasbrd 8

25/09/2024, 17:55

240925-wheqmasarb 8

General

  • Target

    Prueba1.exe

  • Size

    227KB

  • Sample

    240925-wheqmasarb

  • MD5

    4339cc7cb7c8df84a3a1bbd3cba4cf17

  • SHA1

    b041a7ac27006a3d204726cecef465a34f06a3f3

  • SHA256

    e3ebbde456c0c20d1436661909137cd38ce6be51cf78e7cb0d2944b124bed326

  • SHA512

    3e795d43daa63db9435ab3d03a6800719f25b1f8311188148c5ac51eea1835ca76a6fb10040559271e42de7b3d5e18dda89a572fb975ee60f6a90d1575a85f31

  • SSDEEP

    3072:W+PSS5WcZM55FjBcmnE2V/anyoQI5swjEG6vpRcuKtK41rL2JtjwKk:tPSPX5FWhMwj16xrcKaLWjwKk

Malware Config

Targets

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks