General

  • Target

    PowderLauncher.exe

  • Size

    421KB

  • Sample

    241003-rx617szgjq

  • MD5

    ea774962ca4d02a3fc3a853d18abefd9

  • SHA1

    1160ef2dbf1a83ac8151e02d558611d18e798638

  • SHA256

    8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36

  • SHA512

    a2433f876f357d2a15957bac6cbb3f2e4d867e4d4d076bdd224677d67ac1d2597927788f34db6efd87605b2cfb8ac690d8ec16ece154412ffd7ce7b75e11cd7e

  • SSDEEP

    6144:bmGIhx4I13Y2t0EyL+upREyrZzalOSjlbshojjjM4739E0Ld57X2znBtHMGvGd:yt4IFIRKcTZzalXQSDMw9dAS

Targets

    • Target

      PowderLauncher.exe

    • Size

      421KB

    • MD5

      ea774962ca4d02a3fc3a853d18abefd9

    • SHA1

      1160ef2dbf1a83ac8151e02d558611d18e798638

    • SHA256

      8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36

    • SHA512

      a2433f876f357d2a15957bac6cbb3f2e4d867e4d4d076bdd224677d67ac1d2597927788f34db6efd87605b2cfb8ac690d8ec16ece154412ffd7ce7b75e11cd7e

    • SSDEEP

      6144:bmGIhx4I13Y2t0EyL+upREyrZzalOSjlbshojjjM4739E0Ld57X2znBtHMGvGd:yt4IFIRKcTZzalXQSDMw9dAS

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    • Score

      3/10

    • Target

      Newtonsoft.Json.dll

    • Size

      685KB

    • MD5

      081d9558bbb7adce142da153b2d5577a

    • SHA1

      7d0ad03fbda1c24f883116b940717e596073ae96

    • SHA256

      b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

    • SHA512

      2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

    • SSDEEP

      12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5

    • Score

      1/10

    • Target

      PostInstaller.exe

    • Size

      23KB

    • MD5

      41ba083ed39e906bef870255419edd28

    • SHA1

      4ac8cbebdc4f0ada8018497c0acb35a22062a836

    • SHA256

      52243ff195b844ecab87fce461947c779fe2cb8fac21282a05d1f2abfd4ede86

    • SHA512

      2538a95882bb2b8ad8180a5fe569330d04079422067e4ad1d1fe985c36c5704821199c6625a56a5f032f31a22c8e4d9beaf72422aaa59e05fea9ecf6c33f465b

    • SSDEEP

      384:CLDaVl9ec3YEyOWNcccXNMtG5/uo6ki2KP9gizC3inAM+o/8E9VF0NylCgK:CL+f9e2YEKxUdgr2KRzCynAMxkE6

    • Score

      1/10

    • Target

      PowderBootstrap.exe

    • Size

      26KB

    • MD5

      874284cb887ce96f1fe6bd903a17cfcb

    • SHA1

      615056be9f980fdc7167b74d8b1f5dbaf0c1f99d

    • SHA256

      40b4a8932314a19f7ba201ae4613428b4f4e1bcda43a177158d956fd5d2f58bb

    • SHA512

      53e9e2a38a3a4d4fcb2222279ec6379c61e792a6167094c70a94fe8be3dab34823b40d456cdacce5180f9598a47e0edd5d30760a878cc791f3e14e2c749770a1

    • SSDEEP

      384:r4NgykacoZE8KaScRxKV6yxFHV0bSNkvwKwq6u8iJp/uo6ki2KP9gizOGwAM+o/M:8NgbuEaShv1YjQr2KRz0AMxkE4

    • Enumerates processes with tasklist
