Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
isis C2.exe
-
Size
25.0MB
-
Sample
241103-3l8w7sxeqe
-
MD5
592184ead6250e7391b8caa9643d2bcb
-
SHA1
903604740047138704131e9a1efe75a0738824d5
-
SHA256
aae708ff066deab34df7a07cd0da4cd449235ccd541f5030d4c0c6cd4ca3b758
-
SHA512
9805a5cf962a75b9f3007f84c29bc070f9653158c54621a74a9baef3ec6435831b3cd6e5b53024e6c02286804f7a2226eaf3b07df21975a552507ce307430860
-
SSDEEP
98304:RJEtdFBCPtamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RGOuAKEM1U7:RIFIPoeN/FJMIDJf0gsAGK4RVuAKEMU7
Malware Config
Targets
-
-
Target
isis C2.exe
-
Size
25.0MB
-
MD5
592184ead6250e7391b8caa9643d2bcb
-
SHA1
903604740047138704131e9a1efe75a0738824d5
-
SHA256
aae708ff066deab34df7a07cd0da4cd449235ccd541f5030d4c0c6cd4ca3b758
-
SHA512
9805a5cf962a75b9f3007f84c29bc070f9653158c54621a74a9baef3ec6435831b3cd6e5b53024e6c02286804f7a2226eaf3b07df21975a552507ce307430860
-
SSDEEP
98304:RJEtdFBCPtamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RGOuAKEM1U7:RIFIPoeN/FJMIDJf0gsAGK4RVuAKEMU7
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-