Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    50ae7839463137f7fab104e21cda58572dbcf4fbd28c61038187752e2fed9512

  • Size

    430KB

  • Sample

    241230-tb34jaypbk

  • MD5

    f7ec875f8ef9e1d72eb0095addc8e3b4

  • SHA1

    38c8bb509c752f94cb938036aa21db72bd75f710

  • SHA256

    50ae7839463137f7fab104e21cda58572dbcf4fbd28c61038187752e2fed9512

  • SHA512

    02ad72e87bc66920ef7ce949a78dec784c2afdab48c4269887d49886cba3b097fe0a93330300569ce92d5dd96290dce33433e12039724e4045ec3a1adf45f5d1

  • SSDEEP

    12288:q9j8pWxJdNxnSJwu416c9y0wiL7s1T37AVu68VnogfN7oSY:q9I+dGwu13UVb+n3fNW

Malware Config

Targets

    • Target

      50ae7839463137f7fab104e21cda58572dbcf4fbd28c61038187752e2fed9512

    • Size

      430KB

    • MD5

      f7ec875f8ef9e1d72eb0095addc8e3b4

    • SHA1

      38c8bb509c752f94cb938036aa21db72bd75f710

    • SHA256

      50ae7839463137f7fab104e21cda58572dbcf4fbd28c61038187752e2fed9512

    • SHA512

      02ad72e87bc66920ef7ce949a78dec784c2afdab48c4269887d49886cba3b097fe0a93330300569ce92d5dd96290dce33433e12039724e4045ec3a1adf45f5d1

    • SSDEEP

      12288:q9j8pWxJdNxnSJwu416c9y0wiL7s1T37AVu68VnogfN7oSY:q9I+dGwu13UVb+n3fNW

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks