General

  • Target

    d3358171bfe0886c9867c57055542e139ef19e22949d6174d82976e0a9732481

  • Size

    1.2MB

  • Sample

    250101-s43g2azrfy

  • MD5

    f9ed13078a24132fead013d264df609b

  • SHA1

    62b36461d7eac0b3126e502066cf81f9c9f4b136

  • SHA256

    d3358171bfe0886c9867c57055542e139ef19e22949d6174d82976e0a9732481

  • SHA512

    cf17134164ceda42e65327f0da375318523c61c0b0e9e48cf91d84f9c7a2909c0a514f7a919171c77863d738b3b05708ffafdac1ff845f7c9129cd3f41f8b97e

  • SSDEEP

    24576:V+UiJqULKKpG/CsVYPKcIdSOvNC1bS/ytG/28qnT8ysC81UWXJqh:V+UELKKpG/7iDId5lC12/k828ymUWXkh

Malware Config

Extracted

  • Family

    bdaejec

  • C2

    ddos.dnsnb8.net
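
The extracted C2 hostname and the file hashes above are the indicators a responder would sweep for. The following is an added example, not part of the tria.ge report or the Bdaejec analysis itself: it matches those indicators against a few constructed DNS-log lines and file-hash records, with the normalisation that trips up naive string matching (case, the trailing dot resolver logs keep, subdomains of the C2 host, and lookalike names that merely contain the C2 labels). The log formats and file paths are assumptions for illustration.

```python
"""IOC sweep for the indicators listed on this report (added example)."""
import re

# Indicators copied from the report above.
C2_DOMAINS = {"ddos.dnsnb8.net"}
FILE_HASHES = {
    "f9ed13078a24132fead013d264df609b",                                 # MD5
    "62b36461d7eac0b3126e502066cf81f9c9f4b136",                         # SHA1
    "d3358171bfe0886c9867c57055542e139ef19e22949d6174d82976e0a9732481",  # SHA256
}

# Constructed resolver log (assumed format "<ts> <client> <query>"), not from the report.
SAMPLE_DNS_LOG = """\
2025-01-01T12:00:01Z 10.0.0.5 www.example.com.
2025-01-01T12:00:02Z 10.0.0.7 DDOS.DNSNB8.NET.
2025-01-01T12:00:03Z 10.0.0.9 update.ddos.dnsnb8.net
2025-01-01T12:00:04Z 10.0.0.9 dnsnb8.net.evil-lookalike.example
"""

# Constructed file inventory (assumed format "<path> <hash>"), not from the report.
SAMPLE_FILE_HASHES = """\
C:\\Users\\a\\Downloads\\setup.exe F9ED13078A24132FEAD013D264DF609B
C:\\Windows\\notepad.exe 0123456789abcdef0123456789abcdef
C:\\Temp\\x.dll d3358171bfe0886c9867c57055542e139ef19e22949d6174d82976e0a9732481
"""

# Hex digests of MD5, SHA1 and SHA256 length.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def normalize_domain(name):
    """Lowercase and drop the trailing dot that resolver logs often keep."""
    return name.strip().lower().rstrip(".")


def domain_matches(query, iocs=C2_DOMAINS):
    """Return the matching IOC if the query is that host or a subdomain of it.

    A name that only contains the IOC labels elsewhere (a lookalike such as
    dnsnb8.net.evil-lookalike.example) must not match.
    """
    q = normalize_domain(query)
    for ioc in iocs:
        ioc = normalize_domain(ioc)
        if q == ioc or q.endswith("." + ioc):
            return ioc
    return None


def sweep_dns(log_text):
    """Return (timestamp, client, query, ioc) for every line that hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, client, query = parts[0], parts[1], parts[2]
        ioc = domain_matches(query)
        if ioc:
            hits.append((ts, client, normalize_domain(query), ioc))
    return hits


def sweep_hashes(inventory_text, iocs=FILE_HASHES):
    """Return (path, digest) for every inventory line whose digest is an IOC."""
    hits = []
    for line in inventory_text.splitlines():
        path, _, digest = line.rpartition(" ")
        digest = digest.strip().lower()
        if not HASH_RE.match(digest):
            continue  # skip malformed records rather than silently mismatching
        if digest in iocs:
            hits.append((path, digest))
    return hits


if __name__ == "__main__":
    for hit in sweep_dns(SAMPLE_DNS_LOG):
        print("DNS hit:", hit)
    for hit in sweep_hashes(SAMPLE_FILE_HASHES):
        print("Hash hit:", hit)
```

Matching on the normalised suffix rather than with a substring search is the point: `update.ddos.dnsnb8.net` is a hit, `dnsnb8.net.evil-lookalike.example` is not, and the uppercase, dot-terminated form a resolver logs still matches.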

Targets

    • Target

      d3358171bfe0886c9867c57055542e139ef19e22949d6174d82976e0a9732481

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Blackmoon family

    • Blackmoon, KrBanker

      Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

    • Detect Blackmoon payload

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks