General

  • Target

    mcz-spoofer.exe

  • Size

    36.5MB

  • Sample

    241219-naz3lasjcx

  • MD5

    298f6c8bbd619015d98cfa918b9f30f3

  • SHA1

    0bd73c07bf1c4222b537ce1d1e24cba2579c0d95

  • SHA256

    422c1eb1e01e9d72b37b0a86f0735f299ce4665cd9f71e8aeb317f647eb108be

  • SHA512

    f98b5b43e6438ac141f96d7fda1e6b61034ee95ab10cd662ac1b88ea0751bd246cf0576bb54d3937c14eac49c379c2499be80f3f515832625f58df50b2f0c660

  • SSDEEP

    786432:5KNOIwbZcKc3oZ9wI4P1Dh5Y1LtO5po7mvDe4y/pW2w6G:NLc3u4P1D38LtO5KCs06G

Malware Config

Targets

    • Target

      mcz-spoofer.exe

    • Size

      36.5MB

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
