General

  • Target

    RTC_Launcher.exe

  • Size

    758KB

  • Sample

    241014-pyd1pszhkk

  • MD5

    cb1929328dea316fcb34f3486697d16e

  • SHA1

    8c2db8d4b4644cb356a9283b2fa7bb6a988a5d7b

  • SHA256

    7a3deffc327b1e49cbc95dc4c41f1f4c0fd55825cc7c18fd06b96a900e0bf5f9

  • SHA512

    90ef1cc19c01c1c0b2b4b802e88d622ff07ffc91273350200cd0589e6acabb63634af2883f6cae554dacab0f401b4294d13291707507c6fa035c282214fc6a28

  • SSDEEP

    12288:qOBl28ZdfrXg+JwuKt/S/605bsrv0QXIRHE:zfw+Jwz/S/6Rv0wUk

Malware Config

Targets

    • Target

      RTC_Launcher.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before continuing execution.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
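
The two registry-related behaviours flagged above (the country-code lookup and COM hijacking for persistence) can both be checked offline against a registry export taken from the sandbox or an infected host. The following is an added triage helper, not tria.ge code and not part of the sample; the .reg text, the CLSIDs and the DLL paths in it are constructed for illustration, and the GeoID-to-country table is a two-entry subset (244 = United States, 203 = Russia) of the Windows GeoID list. It parses the export, flags per-user COM server registrations that shadow or lack a machine-wide counterpart or that point into user-writable directories, and reports the configured Nation GeoID that a geofence check would read.

```python
"""Triage helper for a registry export (.reg text): COM hijack candidates and the
configured GeoID.  Added example; the sample export below is constructed."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed export: a legitimate HKLM handler, an HKCU entry that shadows it
# with a DLL under AppData, an HKCU-only handler under Temp, and the Geo key.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Windows\\System32\\legit.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\rtc\\hijack.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:@|"([^"]+)")=(.*)$')
# Per-user COM server registrations; HKCU\Software\Classes is consulted before
# HKLM when COM resolves a CLSID, which is what makes these hijackable.
COM_RE = re.compile(
    r"^hkey_current_user\\software\\classes\\clsid\\(\{[0-9a-f-]{36}\})\\(inprocserver32|localserver32)$"
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
GEO_NATION = {"244": "US", "203": "RU"}  # subset of Windows GeoIDs, for illustration


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .reg text into {key (lowercased): {value name: data}}; '@' is the default value."""
    hive: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = hive.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) or "@"
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):  # REG_SZ: strip quotes, unescape
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            current[name] = data  # dword:/hex: data is kept raw
    return hive


def find_com_hijacks(hive: Dict[str, Dict[str, str]]) -> List[dict]:
    """Flag HKCU COM servers that shadow, or lack, an HKLM handler or live in user-writable paths."""
    findings = []
    for key, values in hive.items():
        m = COM_RE.match(key)
        if not m:
            continue
        clsid, server = m.group(1), m.group(2)
        path = values.get("@", "")
        hklm_key = f"hkey_local_machine\\software\\classes\\clsid\\{clsid}\\{server}"
        hklm_path = hive.get(hklm_key, {}).get("@")
        reasons = []
        if hklm_path is None:
            reasons.append("no HKLM counterpart")
        elif hklm_path.lower() != path.lower():
            reasons.append(f"shadows HKLM handler {hklm_path}")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("server binary in user-writable directory")
        if reasons:
            findings.append({"clsid": clsid.upper(), "server": server, "path": path, "reasons": reasons})
    return findings


def configured_nation(hive: Dict[str, Dict[str, str]]) -> Optional[Tuple[str, str]]:
    """Return (GeoID, country) from HKCU\\Control Panel\\International\\Geo, the key a geofence reads."""
    geo = hive.get("hkey_current_user\\control panel\\international\\geo", {})
    geoid = geo.get("Nation")
    if geoid is None:
        return None
    return geoid, GEO_NATION.get(geoid, "unknown")


if __name__ == "__main__":
    snapshot = parse_reg(SAMPLE_REG)
    for finding in find_com_hijacks(snapshot):
        print(finding["clsid"], finding["server"], finding["path"], "; ".join(finding["reasons"]))
    print("Nation GeoID:", configured_nation(snapshot))
```

Per-user COM registrations are not malicious by themselves (per-user installs of legitimate software create them), so treat the output as triage leads: an HKCU handler whose binary sits under AppData or Temp and shadows a System32 handler is the pattern worth pulling the DLL for. To use it on a real host, replace SAMPLE_REG with the output of `reg export HKCU\Software\Classes\CLSID` and the corresponding HKLM export.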

MITRE ATT&CK Enterprise v15

Tasks