General

  • Target

    cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4

  • Size

    284KB

  • Sample

    250109-j9ll2awrfr

  • MD5

    c217a4047e390777921797279e1d54ab

  • SHA1

    15a8e2e8717de8c15c93e6128959ce8df2b21ba1

  • SHA256

    cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4

  • SHA512

    aeed089b971f3fd70f00e2ba22ecf7acae7de4f057eefa1a19954ff09e49efb1908890e5270a5a6b12a2edadec93b24e97a95e63b2181644bf814d92194df88a

  • SSDEEP

    3072:rSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lCh:rPA6wxmuJspr2lg

Malware Config

Targets

    • Target

      cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware onto infected hosts.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by victim locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Enumerates drive information from the registry; disk layout is often read to detect sandbox environments.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect execution inside a suspended process (process hollowing); together with "Executes dropped EXE" above it points at the dropped binary being the injection target.

    • UPX packed file

      Detects executables packed with stock UPX or a modified build of the open-source UPX packer.
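The "UPX packed file" signature above rests on artefacts a stock UPX build leaves in the PE: sections named UPX0/UPX1 and the "UPX!" magic written after the section table. A modified UPX strips or renames those, which is why the signature text says "UPX/modified UPX". The helper below is an added example, not the tria.ge detection logic and not code from the report: it parses the PE section table without third-party libraries, checks the stock artefacts, and falls back on section entropy (the 7.0 bits/byte threshold is my own heuristic). The minimal PE image it builds is constructed for the test; the real sample is not reproduced here.

```python
"""Added triage helper (not part of the tria.ge report): a dependency-free PE
section-table parser that looks for the artefacts stock UPX leaves behind and
falls back on section entropy for the 'modified UPX' case. build_sample_pe()
exists only to construct test images; the report's sample is not embedded."""
import hashlib
import math
import struct

SECTION_HDR_SIZE = 40          # sizeof(IMAGE_SECTION_HEADER)
HIGH_ENTROPY = 7.0             # bits per byte; compressed/encrypted data sits near 8.0 (my heuristic)


def pe_sections(data: bytes) -> list:
    """Return (name, raw_size, raw_offset) for every section in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER starts right after the 4-byte signature
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HDR_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_size, raw_ptr))
    return sections


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Strong signal: stock UPX section names or the 'UPX!' marker.
    Weak signal: a near-8-bit section, which survives renaming by a modified build."""
    secs = pe_sections(data)
    names = [n for n, _, _ in secs]
    upx_names = [n for n in names if n.upper().startswith("UPX")]
    ent = {n: round(entropy(data[p:p + s]), 2) for n, s, p in secs if s}
    high = [n for n, e in ent.items() if e >= HIGH_ENTROPY]
    marker = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": upx_names,
        "upx_marker": marker,
        "entropy": ent,
        "high_entropy_sections": high,
        "packed": bool(upx_names) or marker,
        "likely_packed": bool(high),
    }


def build_sample_pe(sections, marker: bool = True) -> bytes:
    """Constructed minimal PE32 image for testing: [(name, raw_bytes), ...].
    Headers are just complete enough for pe_sections(); the image is not runnable."""
    opt_hdr_size, e_lfanew, align = 0xE0, 0x40, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_hdr_size, 0x102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (opt_hdr_size - 2)
    hdr_len = e_lfanew + 4 + 20 + opt_hdr_size + SECTION_HDR_SIZE * len(sections) + 4
    first_raw = (hdr_len + align - 1) & ~(align - 1)
    table, body = b"", b""
    for i, (name, raw) in enumerate(sections):
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(raw), 0x1000 * (i + 1), len(raw),
            first_raw + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
    headers = dos + b"PE\0\0" + file_hdr + opt_hdr + table
    headers += b"UPX!" if marker else b"\0" * 4   # stock UPX writes its magic after the table
    return headers.ljust(first_raw, b"\0") + body


# Constructed stand-in for a compressed payload: deterministic, near-uniform bytes.
PACKED_PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(64))

if __name__ == "__main__":
    img = build_sample_pe([("UPX0", b"\0" * 0x200), ("UPX1", PACKED_PAYLOAD), (".rsrc", b"\0" * 0x200)])
    print(upx_indicators(img))
```

Run against a real file, `upx_indicators(open(path, "rb").read())` is the call; a hit on "packed" reproduces the signature, while "likely_packed" alone is the renamed-section case and deserves a look at the entry point section before calling it UPX.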
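Two of the signatures above, "Adds Run key to start application" and "Adds policy Run key to start application", name the persistence a responder should hunt for on other hosts. The script below is an added example and not part of the tria.ge report or its detection logic. It assumes the two signatures correspond to values under Software\Microsoft\Windows\CurrentVersion\Run and ...\CurrentVersion\Policies\Explorer\Run (the report does not print the key paths), parses a `reg export` style .reg file, and scores each autorun entry: anything under the policy key, any image outside Windows or Program Files, and any entry launched through a script or DLL host. The .reg text is constructed for the example; every path and value name in it is made up.

```python
"""Added hunting helper (not part of the tria.ge report): scans a `reg export`
style .reg file for the Run and Policies\\Explorer\\Run persistence locations
and scores each entry. Only quoted REG_SZ values are parsed; hex(2): expand
strings and binary values are skipped."""
import re

# Suffixes matched case-insensitively, so HKCU, HKLM and Wow6432Node variants all hit.
PERSIST_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
)
TRUSTED_DIRS = (r"c:\windows\", r"c:\program files\", r"c:\program files (x86)\")
LOLBIN_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "powershell.exe", "cmd.exe"}
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')
_IMAGE_RE = re.compile(r'^\s*"?([^"]+?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))"?', re.I)


def _unescape(s: str) -> str:
    """.reg files double backslashes and backslash-escape quotes inside strings."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str):
    """Yield (key, value_name, string_data) for every quoted string value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line) if key else None
        if m:
            name = "(Default)" if m.group(1) is None else _unescape(m.group(1))
            yield key, name, _unescape(m.group(2))


def suspicious_autoruns(text: str) -> list:
    """Return autorun entries worth a second look, each with the reasons it was flagged."""
    hits = []
    for key, name, command in parse_reg_export(text):
        lkey = key.lower()
        if not lkey.endswith(PERSIST_KEY_SUFFIXES):
            continue
        m = _IMAGE_RE.match(command)
        image = (m.group(1) if m else command).lower()
        reasons = []
        if lkey.endswith(PERSIST_KEY_SUFFIXES[2]):
            # group-policy autorun: rarely populated on an ordinary workstation
            reasons.append("policy Run key")
        if not image.startswith(TRUSTED_DIRS):
            reasons.append("image outside Windows/Program Files")
        if image.rsplit("\\", 1)[-1] in LOLBIN_HOSTS:
            reasons.append("script/DLL host used as launcher")
        if reasons:
            hits.append({"key": key, "name": name, "command": command, "reasons": reasons})
    return hits


# Constructed .reg export for the example; every path and value name is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\msiexec.exe"
"Helper"="C:\\Windows\\System32\\rundll32.exe C:\\Users\\victim\\AppData\\Roaming\\nv.dll,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Launcher"="C:\\ProgramData\\Local Settings\\Temp\\mshta.exe"

[HKEY_CURRENT_USER\Control Panel\International]
"LocaleName"="en-US"
'''

if __name__ == "__main__":
    for h in suspicious_autoruns(SAMPLE_REG):
        print(f"{h['name']:<10} {', '.join(h['reasons'])}\n    {h['key']}\n    {h['command']}")
```

On a live host, `reg export HKCU\Software\Microsoft\Windows\CurrentVersion hkcu.reg` (and the HKLM equivalent) produces the input; the entry launched through rundll32 from AppData is the kind of hit that survives a trusted-directory check only because the image path is the host, which is why the command line is kept in the result.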

MITRE ATT&CK Enterprise v15

Tasks