Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1bf39843cd7e540935076550b226541afe97d57f34cb6265e69df95dc18d32df

  • Size

    430KB

  • Sample

    241230-tdwr8s1ph1

  • MD5

    10031c7cdec279ac2c83ad0cffc50205

  • SHA1

    c4d41b0dc6184ef069bb5d130b634ef542d9fe59

  • SHA256

    1bf39843cd7e540935076550b226541afe97d57f34cb6265e69df95dc18d32df

  • SHA512

    a80e0a28c34d582e3e38145c1efac0c138129b4609707c5285bef025f7c1053d522c4e31f5f3a7aa4293c884c75e2506428d3fed674a301a23e4cbbc08d525bd

  • SSDEEP

    12288:q9j8pWxJdNxnSJwu416c9y0wiL7s1T37AVu68VnogfN7oSC:q9I+dGwu13UVb+n3fNM

Malware Config

Targets

    • Target

      1bf39843cd7e540935076550b226541afe97d57f34cb6265e69df95dc18d32df

    • Size

      430KB

    • MD5

      10031c7cdec279ac2c83ad0cffc50205

    • SHA1

      c4d41b0dc6184ef069bb5d130b634ef542d9fe59

    • SHA256

      1bf39843cd7e540935076550b226541afe97d57f34cb6265e69df95dc18d32df

    • SHA512

      a80e0a28c34d582e3e38145c1efac0c138129b4609707c5285bef025f7c1053d522c4e31f5f3a7aa4293c884c75e2506428d3fed674a301a23e4cbbc08d525bd

    • SSDEEP

      12288:q9j8pWxJdNxnSJwu416c9y0wiL7s1T37AVu68VnogfN7oSC:q9I+dGwu13UVb+n3fNM

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • Purplefox family

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks