General

  • Target

    cda884256a956e327bde7ea969e1b665adc842e0c5c136492b523ee41d3847a3.exe

  • Size

    1.5MB

  • Sample

    250205-ehvneaykhv

  • MD5

    e46e8605c7dd4927f00173e2a587726d

  • SHA1

    37dd89538130146fdbde3f9ef7790ee9b5cee32e

  • SHA256

    cda884256a956e327bde7ea969e1b665adc842e0c5c136492b523ee41d3847a3

  • SHA512

    ed32a8efad799a0ad17faa13aa885e52a05b36c844425e7aece0007c1e3bc6ed22f90cc17dc32759ad97007e3ec8460ae082c51dad8f9911a72bd698c5a684da

  • SSDEEP

    12288:z+Qf9NxkERr1JzrDTzz7wHxhW88KH6Yn77TCNp8jToZGrhR0Zr:Dx0j8KaYnfTYp8/oZMGZr

Targets

    • Blackshades

      Blackshades is a remote access trojan with various capabilities.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
