General

  • Target

    270d2736fd09663baf22aa438cebf165deed7646e99e15bcf2bbd0db9694f611.bin

  • Size

    760KB

  • Sample

    241231-1ymhma1pgz

  • MD5

    f18084cc10be57edc585fd1fb1f44aec

  • SHA1

    c2bdac80d48e41365c3c1f7d848229a6505a7b69

  • SHA256

    270d2736fd09663baf22aa438cebf165deed7646e99e15bcf2bbd0db9694f611

  • SHA512

    ca7c2a9ae00883cffb3e2484aa081b16e940f8cd811da8a2220def64a1e235e5ae9a390cf6ad24b002b8d86da4b529c24cf56c888406d5bac28a483451d91641

  • SSDEEP

    12288:zufD+g7tJ6sgRQLzqnQ3sl1z15WmpYshXZPbGwidNpgeH9:zWNJ6sjLzq+sl1z15WmD9idNp3H9

Malware Config

Extracted

Family

spynote

C2

ad-forestry.gl.at.ply.gg:51714

Targets

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Tries to add a device administrator.

MITRE ATT&CK Mobile v15

Tasks