Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fa84aaca64...24.exe

windows7-x64

10

fa84aaca64...24.exe

windows10-2004-x64

10

$PLUGINSDI...og.dll

windows7-x64

3

$PLUGINSDI...og.dll

windows10-2004-x64

3

0/Setup.exe

windows7-x64

3

0/Setup.exe

windows10-2004-x64

3

039F3.dll

windows7-x64

1

039F3.dll

windows10-2004-x64

1

039F4.js

windows7-x64

3

039F4.js

windows10-2004-x64

3

1/333.exe

windows7-x64

3

1/333.exe

windows10-2004-x64

3

2/babka.cmd

windows7-x64

6

2/babka.cmd

windows10-2004-x64

6

Ionic.Zip.dll

windows7-x64

1

Ionic.Zip.dll

windows10-2004-x64

1

SibClr.dll

windows7-x64

3

SibClr.dll

windows10-2004-x64

3

Sibjs.exe

windows7-x64

3

Sibjs.exe

windows10-2004-x64

3

Sibuia.exe

windows7-x64

3

Sibuia.exe

windows10-2004-x64

3

Zip.dll

windows7-x64

1

Zip.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa84aaca643d68422484d8c78e900d06102d0fbff57598755e97705bfe419c24.zip

  • Size

    5.9MB

  • Sample

    250128-q7g96azrgz

  • MD5

    f231fe5903c691d8f81fdf89b6421482

  • SHA1

    3a2973336ded3eb4597562902d01876e3625864a

  • SHA256

    ad8d6798369029e6adbf0e2c044a66f09b3ddd055ddd147864adb1a255b57f79

  • SHA512

    38c7a283d45dab8a22dc660ed3b21ed6855810eebe5303b918b62d2a20591965e40b743badf81daabe57cadb94506bbd4f98d194ac0564c4071c48b493d0ae92

  • SSDEEP

    98304:kLLnpRGhP34CRaXoABzVtIChfoXaMFwtxpdOiXlglkyBpEQK0nl2GxcFAM9HZLy3:knnzpCRaXhxVToXzGQpjBpxlTcSeZyio

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      fa84aaca643d68422484d8c78e900d06102d0fbff57598755e97705bfe419c24.exe

    • Size

      5.9MB

    • MD5

      90266d58cb8c03bf6f3171e60b383ee5

    • SHA1

      2bd1981838b9f80196a1576e398f89bf964ea24f

    • SHA256

      fa84aaca643d68422484d8c78e900d06102d0fbff57598755e97705bfe419c24

    • SHA512

      8899898628a6eac463d34f9f19bd7c577e16d4d4cf79697ca7033a820392b353a1e6e38c96b645e8afaa4b953dc55b5909493646205b4ebf4192b5db8ac65673

    • SSDEEP

      98304:AjHUJxDQbcImqaNCO8MX71guf/x2NSaGn6AGpq5TL+B3KogDaVTB0SiP0wzH:AI+mqvO8kDxuSZ6AGp++1sIy04

    Score
    10/10
    netsupportdiscoverypersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/siblog.dll

    • Size

      146KB

    • MD5

      2fab606d750aad11fbf8e0a9060172db

    • SHA1

      b2e40332e179f921a73c64ea09a54c0f2bf75959

    • SHA256

      d3289b09fc9c37a80f0215b5c8c7990b9d3353e0c27cc4689e806d6026b6dda7

    • SHA512

      1670ddfb2233c346a8cd5ee88700697c17123923da964e115c6ade238f77b421f51bf6459bf46bb3966f1de8fdeeeda774d7100b5c5dac46e53e738e8691ab1f

    • SSDEEP

      3072:jK2xllPc8r1tFA7mJKDZ9KofLSMqtugBC7TlNK/574C:FxlyU3C6e97LnzO574C

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      0/Setup.exe

    • Size

      5.1MB

    • MD5

      596636d5258ffeae01bd19f87d96808b

    • SHA1

      4f2883153d197f18ec21a78f4df0544cb326a99c

    • SHA256

      873d448590ed30d1ba80ca54c84714cddec27ad6a1e4f84fcd7b091d3acf9a56

    • SHA512

      0cb8ceb79b0a1f43c02458517b6e6b46a1121a714feef2e72934e9065447f0eefb4661d474d56776a0c92e52c851a682ba17a3e80901f6d4633deb32e16a3ea7

    • SSDEEP

      98304:cqwsVKHOycs8IZPEQF9iBCLrejdrgphScSH+txR:cHr8SiALroyIw3

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      039F3.tmp

    • Size

      4KB

    • MD5

      de92f3c2273b3803e23216387c87b769

    • SHA1

      23395fbc13ad680e1b4a5a01aaa8e4b07329fc04

    • SHA256

      39858473da9bedf8b5c0ffe9cd4763de4879e877e783fd038af3d93338fa9951

    • SHA512

      8ecac578fd704a8be968cfe5c8733b32e3c4b8a4443499c5071a262e8e5026582729cea772f21cc0c3aa7a49ed4cb7e456d39f09a750c6d65a86b31e1dfd1fbb

    • SSDEEP

      48:6+9mUnRRQXGrx5KcCp17Zeder2jeC2FHGHWBXo7qOPuln0MqI:XYmxZCpydk2oFmoV0M

    Score
    1/10
    behavioral7behavioral8

    • Target

      039F4.tmp

    • Size

      6KB

    • MD5

      e18bb555ad612faca72cd518afc42931

    • SHA1

      5d33476e909fced814500c95e67e729bed003fb8

    • SHA256

      36f86d18c21b93868bf43b3b7d20439d8cf9914c1b557e42f22addd84b4a6f72

    • SHA512

      fe976afe2357d1670d6728c695c88c24c3a575bd5d5de25ebed6a552294b52ff05301a909997a1b987ca74debcea539adc405c9c2f3b0c54254ba7b46a03fc9b

    • SSDEEP

      96:XDNVHkleDxbIs7MHLkRSG+k857xrSG+Ut9MvHr/m7PSG+sORdRNRCINXh7q7:XLHkleBykUGbMmGL8PG3ORdRNRPNX

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      1/333.exe

    • Size

      323KB

    • MD5

      f76410e6255ed89c286c35b7b7c5269a

    • SHA1

      8a22735312d9a4692350464b107ed5872bf2527e

    • SHA256

      0b8c0c908da39e77e0ef2f4b3b0eb96f3709d052252e0eae619790c61fc42b81

    • SHA512

      51792ac3843450672ede7a44e1dab0509b26e1ab4d2fa93d08c0d25644920bc5afbeb35372cf55a99fa624f61c5e1188ee9d3bff58808c9b3d7c8f61c95435d7

    • SSDEEP

      3072:mnWSR+jounK7NAKDjiBmKbOUEuQvS/bcwWE2wup3vMRU6RLvHEd9VhMCyqKbv83w:NTouKrWBEu3/Z2lpGDHU3ykJvPJfbC//

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      2/babka.cmd

    • Size

      277B

    • MD5

      7b3f261fb057fce0cb6233bd5258f829

    • SHA1

      d8b9075eaea96e7c5444cd3a209c78bd8bcd4e38

    • SHA256

      70fc159c1040f7da1beaba2ca98004babbd2ae7e2957d7c0c2aa67ebc43a1457

    • SHA512

      06401741072a5f0e41ea37523925b04af9fb2710f559b21eaba3a449a929d86028dfa6750d67744940bdcfb838e20fcb7210239a67d9f8c6ad09f4d0ed73d2be

    Score
    6/10
    persistence
    behavioral13behavioral14

    • Target

      Ionic.Zip.dll

    • Size

      420KB

    • MD5

      cb27185f1f9b8cd76093300a83856e5c

    • SHA1

      28fe6f101e0415a8dc6c2c52cc6414da61ec4d02

    • SHA256

      35d73ec1b3bcdd743c951502aa5ac6bb756e6087311bfc9648587d6c94ca746f

    • SHA512

      61f94374643f526a14d243dc2deaf33b3998d94a0407e2af2c7354e9ff73ec2297087f9faa61b593ee0228fab3bd11f6b4acb67dfce3d70b20b9de0a6e54e44f

    • SSDEEP

      6144:fxelW5xGKxjuBGtSV41QJDsTDDHJFiZiWs3inQPQl:MlW5sIq4S4YsfBWWXol

    Score
    1/10
    behavioral15behavioral16

    • Target

      SibClr.dll

    • Size

      66KB

    • MD5

      640f3d42e52e3d361569c3fb6bb4441d

    • SHA1

      2c7acdc20d3788b58bf139f304ed38ceaa98af31

    • SHA256

      ffc17acf3f3c8e73b944e279fee7ecaf6fac46ec4c305aedc1c51122db256e37

    • SHA512

      5429b2ede62400166950e6385b44612960338ccb7162b82fe7e62cb6e48b9e07be22eea6a8c798defb5320a34a8e26d85e71886754e8e8a71d0a0ffc30ba1158

    • SSDEEP

      1536:wd5nlP2FOyeZV0EFe6IsbF/1b9XwT9UwfQroJQr6nK:wLnlP2FOyeZV0EFe6Isbdl9XuUwfQrCU

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      Sibjs.exe

    • Size

      2.1MB

    • MD5

      cb98aab3f8a161d55d04086ffcafbbbd

    • SHA1

      14c4c97c22d6c3456da33c59ed1dc9d8f86fdc73

    • SHA256

      94a297719f304bb12f650d693984db73c7a72685f28cdeeca2fa34a407808231

    • SHA512

      fd79696e98c8e3f9a422fa879c28b3305f007b8ea5efd80b5524704b8bea8183c0ba11d4336d5a4aed1c97b17a668b488808fb0a0f7614f001a32c48e3d8083b

    • SSDEEP

      49152:M3/gkI5J3aQ8EeZrQYcPRTX8PI6ct/6G3IDfe57b968bhs3Z8+uBpT:M3/gkIf7uVpcP5X8gpR6G3IDfI68bh+C

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      Sibuia.exe

    • Size

      2.2MB

    • MD5

      a27781beec02a26de306aae4f1a07eca

    • SHA1

      56cfe4516031a3cbb6e9ea93d910447914f22e01

    • SHA256

      845bb388322c35078cfc9d47d4d1752b62f796f4defa79215004547a040d0704

    • SHA512

      dfc25773b867805c5ffaabde22be435512cf9597237aacb4627f6b66c69f68180f78877983b5099dba7b3792a0a0836ad0991004af1a9271b3827d53aca03236

    • SSDEEP

      49152:0WCNFxq0fxayB2TONHJcjhs5cj8h6oTsAsmi9iFBShiYFW+p5eOQ:WNFxppbBoOVGjhsQ8h6oTsA9i9mBShi9

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      Zip.dll

    • Size

      27KB

    • MD5

      370ee18a17759b6bfbed5cd61c9cb790

    • SHA1

      9c771cb24e1be76c2b2ca8eebbd9b3cf35f2b225

    • SHA256

      fc66cd9add2a83dd2fb12cd908e8f70d54530d4dbf011e948c8adeaaa1dc975b

    • SHA512

      1ec5d3d3dbda311fca1dfa67e663ad01eeb2b6c0f53f17a48dbb8bdb20bdd5f102dcf959d8bda0d83ddcc97eb50858d31fa4945cd8e1a0da8ba96cc65177e5c0

    • SSDEEP

      384:bNkcKOXXU2KpwKNs1IdrMkSJIVE8E9VF0NyTGInpwKNs1IdrNJjSJIVE8E9VF0Nq:bNuik2/SdrW2EVcSdrn62EWg

    Score
    1/10
    behavioral23behavioral24

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

netsupportdiscoverypersistencerat
Score
10/10

behavioral2

netsupportdiscoverypersistencerat
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

persistence
Score
6/10

behavioral14

persistence
Score
6/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.