General

  • Target

    2024-12-12_a033174a36f5fcf67bc7f0237b70fd47_avoslocker_hijackloader_luca-stealer_magniber

  • Size

    22.7MB

  • Sample

    241212-cj8wba1mej

  • MD5

    a033174a36f5fcf67bc7f0237b70fd47

  • SHA1

    f0eada0b9432d0ba85bb0de44e4b7751a996f7df

  • SHA256

    bd64273315a14107de082980ff128ae9eaca0a36302c0f367867bcaaf57aaaaa

  • SHA512

    61b3870842667bc4c0ab282df011259c604b00df0a093659d8559dd1b9d5f85da459c63e5440da7e3464d4b2b9e0a110a08bd15a8e20dab087ca97d6f3d09c18

  • SSDEEP

    196608:69uXVejN2DaVCjRgo5wwDScTLKdJ4R2zJXTO0oVejN2DaVCjRgo5wwDScTLKdJ4I:69pWH5/+dBJXTzlWH5/+dBJXTz

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/shikata_ga_nai

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    192.168.1.26:443

Targets

    • Target

      2024-12-12_a033174a36f5fcf67bc7f0237b70fd47_avoslocker_hijackloader_luca-stealer_magniber

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
