General

  • Target

    32b77d3e76a05de49b77a701551220c2884f294c453f7e2c644adda47a95b463.xls

  • Size

    217KB

  • Sample

    221103-qbwgxaaea7

  • MD5

    e32f0521b0d507a25997e3feef71f090

  • SHA1

    bdd537bfae6233b83e9793cc3519f8a2a2f64b62

  • SHA256

    32b77d3e76a05de49b77a701551220c2884f294c453f7e2c644adda47a95b463

  • SHA512

    1d20990cd1e6cf83f29f8a6f11e8dc2f4ca3dae38dbef466d27186d2216e26ab25a126bd0c3e98e2d0ab5628058ad50c9b481116126ce8c6b12e73c5998ef226

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQmt:nbGUMVWlbt

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: http://kabaruntukrakyat.com/wp-content/B9oJ0jh/

    xlm40.dropper: http://coinkub.com/wp-content/WwrJvjumS/

    xlm40.dropper: https://aberractivity.hu/iqq/Dmtv/

    xlm40.dropper: https://anamafegarcia.es/css/HfFXMTXvc40t/

Targets

    • Target

      32b77d3e76a05de49b77a701551220c2884f294c453f7e2c644adda47a95b463.xls

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks