General

  • Target: Xeno-v1.0.8-x64.zip
  • Size: 4.1MB
  • Sample: 241017-qg5mrsyeqg
  • MD5: c232bea765c6edb442a8709a2a012279
  • SHA1: 904cbb05a56948661a34a75f4d5484dce7cb6c03
  • SHA256: e2157140596246478da3eef7ac3c3279e69ed1c6820ccfe2cd3f3b90c4b9a288
  • SHA512: 3a10f27efc5d04941bdfecd642c5241b5d2a5db5d894d6c043ef46d47084780c2f1aa8bb37707fc5b146f326855503dcab2a9670cb1e73326f332f90a9c0e5c6
  • SSDEEP: 98304:N/eSPH4j0NL9Cteaqxt5JwlVLnwphakez+DnDHS9aIhaIkT7DRVou6NW+zsQ:NWSf44l9UeaSt5J4uhJeyLSZhw3R+7NJ

Malware Config

Targets

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks