General

  • Target

    afd487d97fe9ced72ff2863a96065b22d8e3a63d6d541d222123780a624dc147N

  • Size

    1.8MB

  • Sample

    241001-wxzz4stepr

  • MD5

    260278864373e02d00d4fe2f044175a0

  • SHA1

    543f5007aa2de1a6e5cedfc0ead26c7e6ecb1875

  • SHA256

    afd487d97fe9ced72ff2863a96065b22d8e3a63d6d541d222123780a624dc147

  • SHA512

    42c6b2e721007ccec31df85a491612ca624167234ba485f8d09fb5951d1e52e122ef2688211c48c816b466f615070fdb6cddebb1d7bf2646270160c58111848d

  • SSDEEP

    24576:rr0TxazTID9UhQtRlA6Jz7kzSRciXSD3FbbBN/IyZJbOOEHqBh3SWgSklWNyU:rZzED7tRX8SWwWpNN/IyjEOBST1WNyU

Targets

    • Target

      afd487d97fe9ced72ff2863a96065b22d8e3a63d6d541d222123780a624dc147N

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
