Resubmissions

15/01/2025, 14:06

250115-remjvawndk 10

15/01/2025, 13:46

250115-q3fwjatrfz 10

General

  • Target

    getapp

  • Size

    82KB

  • Sample

    250115-q3fwjatrfz

  • MD5

    06dc29a6f0aad68bad517ac89a3055a5

  • SHA1

    dc61794754b62b8cdd4cc5c2ae4612ef0c11c1ef

  • SHA256

    edb3554e48c8e4751c020b257a0f4927b37ef4c17e244f535dd144c63618c830

  • SHA512

    61018bd7285fc95d624baec2501adacc17bdb5c4e670e30b166ebf5a1f68761bfb63b453e4cd2cf1e7d0939085dde11cb2b55af6df2bc78c20fef953f697b4ac

  • SSDEEP

    1536:cS+y6AIkZzK4eg9l1cp4S41n6w2XKnoeRX5p7qaHbp/c7wP:v+y6AIepgzsLRkw

Malware Config

Targets

    • BadRabbit

      Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

    • Badrabbit family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks