1cd8f56f9213249e555dedda4380add02cbe74fb81a5806ef1eec3935a7f041a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

08112024_1...81.msi

windows7-x64

6

08112024_1...81.msi

windows10-2004-x64

6

Sharing

General

Target

08112024_1447_BluetraitAgent381.msi
Size

3.6MB
Sample

241108-r6apcswqcr
MD5

0c7d30468c0d5975866b6f10017330d9
SHA1

0f2d7d1d9fa10d46e8d73c75db7509f950578bc6
SHA256

1cd8f56f9213249e555dedda4380add02cbe74fb81a5806ef1eec3935a7f041a
SHA512

6b42376e6c0b69eb5e005a64c1cf6e92a27938ede43badf599c496a508c7d10e5178109e899de79d4aa01b15d982c748f3e5ece657815916f68dcd3fdb2dfd5e
SSDEEP

98304:7JAqhv+JtUaJRWta/Tbs9JVzlgroDWX9Ha:7Jzhv+MaR/c93BW2S9

Score

6^/10

discovery evasion execution lateral_movement persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

08112024_1447_BluetraitAgent381.msi

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

18 signatures

300 seconds

Behavioral task

behavioral2

Sample

08112024_1447_BluetraitAgent381.msi

Resource

win10v2004-20241007-en

discovery evasion execution lateral_movement persistence privilege_escalation trojan

windows10-2004-x64

29 signatures

300 seconds

Malware Config

Targets

- Target
  
  08112024_1447_BluetraitAgent381.msi
- Size
  
  3.6MB
- MD5
  
  0c7d30468c0d5975866b6f10017330d9
- SHA1
  
  0f2d7d1d9fa10d46e8d73c75db7509f950578bc6
- SHA256
  
  1cd8f56f9213249e555dedda4380add02cbe74fb81a5806ef1eec3935a7f041a
- SHA512
  
  6b42376e6c0b69eb5e005a64c1cf6e92a27938ede43badf599c496a508c7d10e5178109e899de79d4aa01b15d982c748f3e5ece657815916f68dcd3fdb2dfd5e
- SSDEEP
  
  98304:7JAqhv+JtUaJRWta/Tbs9JVzlgroDWX9Ha:7Jzhv+MaR/c93BW2S9
Score

6^/10

discovery persistence privilege_escalation evasion execution lateral_movement trojan
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
  evasion
- Password Policy Discovery
  Attempt to access detailed information about the password policy used within an enterprise network.
  discovery
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Installer Packages

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Installer Packages

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Password Policy Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Remote Services

SMB/Windows Admin Shares

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoveryevasionexecutionlateral_movementpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy