General

Target: 08112024_1447_BluetraitAgent381.msi
Size: 3.6MB
Sample: 241108-r6apcswqcr
MD5: 0c7d30468c0d5975866b6f10017330d9
SHA1: 0f2d7d1d9fa10d46e8d73c75db7509f950578bc6
SHA256: 1cd8f56f9213249e555dedda4380add02cbe74fb81a5806ef1eec3935a7f041a
SHA512: 6b42376e6c0b69eb5e005a64c1cf6e92a27938ede43badf599c496a508c7d10e5178109e899de79d4aa01b15d982c748f3e5ece657815916f68dcd3fdb2dfd5e
SSDEEP: 98304:7JAqhv+JtUaJRWta/Tbs9JVzlgroDWX9Ha:7Jzhv+MaR/c93BW2S9
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: 08112024_1447_BluetraitAgent381.msi
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 08112024_1447_BluetraitAgent381.msi
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 08112024_1447_BluetraitAgent381.msi
Size: 3.6MB
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
- Password Policy Discovery: attempt to access detailed information about the password policy used within an enterprise network.
- Remote Services: SMB/Windows Admin Shares: adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Installer Packages (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Installer Packages (1)
  - Netsh Helper DLL (1)

Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
- System Binary Proxy Execution (1)
  - Msiexec (1)