General

  • Target

    zapspoofer.exe

  • Size

    2.6MB

  • Sample

    241003-1ltfeayanl

  • MD5

    02f71947d17cf2b0cc520a6592430c9d

  • SHA1

    bfd7cdf08621fc67bb57dd597f9c5456e8710f9f

  • SHA256

    a9a09871d8dadf1e764d04411c33d2e0689365f42b6722ead8e564fdc05ad905

  • SHA512

    ac27ec840bdfa9488cd70937093eb2710daf76b48952485a537635348861ee5b0a0e52010a2aa9144a1726f3c6c94bbbf001d4f7485d38389a84c14915b9286c

  • SSDEEP

    24576:VWrwjgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nf:VWriA+NOpXm1mnj0cP+DkhMAiawnFQS

Targets

    • Target

      zapspoofer.exe

    • Downloads MZ/PE file

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
