General

  • Target

    433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5aN.exe

  • Size

    1.6MB

  • Sample

    250205-jwmxyaxmgw

  • MD5

    a9ac1974040474510b772ac2d6699180

  • SHA1

    b4659c684198702c183ffa02dccb837d35eb39a8

  • SHA256

    433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5a

  • SHA512

    33785f8928bb544944e9973d8e3906dd97d659690b51f4af5652b46ab6c8205d1ec2a0c73f8f0fe9d0d51db206c72b8a24459132c558abbcf110cbd0ab972c7a

  • SSDEEP

    12288:WB5a3hizhz/o456rn9lkQ8rxQslgBKR1jl9RL9BVnDXLmoIY7Tm+jZFluq9wd4Uh:WkB4tpHlgGjlLHlFoq2d5h

Targets

    • Target

      433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5aN.exe

    • Blackshades

      Blackshades is a commodity remote access trojan sold to criminals; its capabilities include keylogging, screen and webcam capture, file theft and DDoS.

    • Blackshades family

    • Blackshades payload

    • Modifies firewall policy service

    • Checks computer location settings

      Reads the country/locale code configured in the registry, most likely to geofence execution (refuse to run, or behave differently, in particular regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Registry Run-key persistence (...\Software\Microsoft\Windows\CurrentVersion\Run), so the payload is relaunched at each logon.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is a common step in process injection (e.g. process hollowing), where the entry point of a suspended process is redirected to injected code.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
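The following is an added offline triage helper, not code from tria.ge or from the report, that covers two of the fields above: it recomputes the MD5/SHA1/SHA256/SHA512 digests so a copy of the file can be checked against the listed values (SSDEEP is omitted because it needs a third-party library), and it walks the PE section table by hand to flag the UPX0/UPX1 section names and the "UPX!" marker that the UPX packer leaves behind. The `_fake_pe` skeletons are constructed test input, not the sample itself.

```python
import hashlib
import struct

# Digest values listed in the report above for this sample.
REPORTED = {
    "md5": "a9ac1974040474510b772ac2d6699180",
    "sha1": "b4659c684198702c183ffa02dccb837d35eb39a8",
    "sha256": "433e29186c927e98905a6649b507d27fc17329e6f36f2669a6d20dd9a8817e5a",
}


def file_hashes(data: bytes) -> dict:
    """Return the digest set the report lists (minus ssdeep)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every reported digest matches the bytes on disk."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in reported.items())


def pe_section_names(data: bytes) -> list:
    """Parse the DOS/COFF headers and return the section names in order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the 4-byte signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]   # 40-byte entries, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX names its sections UPX0/UPX1(/UPX2) and embeds a 'UPX!' marker.
    Renamed sections defeat the first check, so both are tested."""
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def _fake_pe(section_names) -> bytes:
    """Constructed, non-runnable PE skeleton used as offline test input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


UPX_SAMPLE = _fake_pe(["UPX0", "UPX1", ".rsrc"])
PLAIN_SAMPLE = _fake_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    print("hashes match report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX packed:", looks_upx_packed(blob))
```

Run it as `python triage.py sample.exe`; a hash mismatch means the file on disk is not the submission the report describes (truncated download, re-packed variant, or the wrong file), and the section names tell you whether the "UPX packed file" hit will survive a simple `upx -d` before static analysis.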
