General

  • Target

    isis C2.exe

  • Size

    25.0MB

  • Sample

    241103-3l8w7sxeqe

  • MD5

    592184ead6250e7391b8caa9643d2bcb

  • SHA1

    903604740047138704131e9a1efe75a0738824d5

  • SHA256

    aae708ff066deab34df7a07cd0da4cd449235ccd541f5030d4c0c6cd4ca3b758

  • SHA512

    9805a5cf962a75b9f3007f84c29bc070f9653158c54621a74a9baef3ec6435831b3cd6e5b53024e6c02286804f7a2226eaf3b07df21975a552507ce307430860

  • SSDEEP

    98304:RJEtdFBCPtamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RGOuAKEM1U7:RIFIPoeN/FJMIDJf0gsAGK4RVuAKEMU7

Malware Config

Targets

    • Target

      isis C2.exe

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks