General

  • Target

    bbb0ac6f23dd0b0c24f7504817f0d71c2adec18e071dbb4423b8bf8e237fa3af

  • Size

    166KB

  • Sample

    250105-fj517sslat

  • MD5

    b5edbb3eff91589aaeb348ff3779e245

  • SHA1

    01110e3200b6849215d9e505313b43557f87c3f3

  • SHA256

    bbb0ac6f23dd0b0c24f7504817f0d71c2adec18e071dbb4423b8bf8e237fa3af

  • SHA512

    552b34ae93ef9dc784da6d8f378ed1173f90fbf20b9bca2a3e8fcfd5f0199a63bf4144c7a4e43fd7503de708a0223ccfde416f5032c2013010e2c21b757cd9a2

  • SSDEEP

    3072:lgze3/rVtebkTlLx2/E2lQBV+UdE+rECWp7hK2SFsCF:+z0ZtebkTlJBV+UdvrEFp7hK2/CF

Malware Config

Targets

    • Floxif family

    • Floxif, Floodfix

      Floxif, also known as FloodFix, is a file-modifying trojan and backdoor written in C++.

    • Detects Floxif payload

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect packer.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

MITRE ATT&CK Enterprise v15

Tasks