Resubmissions

11/01/2023, 22:20

230111-19j7msee78 10

11/01/2023, 22:15

230111-16ccmaad7z 8

General

  • Target

    BL-SHIPPING DOCUMENTS.bin.zip

  • Size

    279KB

  • Sample

    230111-19j7msee78

  • MD5

    42ba9093eff89886c6e99f8482f1d660

  • SHA1

    0e99f24519c31af5c6f8ae8dd087aed3947c54cb

  • SHA256

    9d7147927eccfce82290fe3c178b3de0b516182b0ac1a6670e00e95b8a7f6055

  • SHA512

    75d338b23d4b90faac6f555562cfa49ec8146ce5cffc75b637b923b82bc7a0947907c5df19f827fbefbf69a907db062d317c4c13432ed1241350574532dedcc6

  • SSDEEP

    6144:syqcfagYhX/KvMByuYvlsdp/ZWBKD4hpQpMZhhIgT2aj7qoGqcaqJ4:qcCDXC/tsb/DD4DIjGJqoaTm

Score
10/10

Malware Config

Targets

    • Target

      BL-SHIPPING DOCUMENTS.bin

    • Size

      446KB

    • MD5

      16adc1ddc372a6cb7d64700d26edcb72

    • SHA1

      f6445a0a8f3b33f171d291cb5957fdd0201e4c9f

    • SHA256

      81c0682751e0e809dc448f1bf8607a36c95840041de00cccd00032e066c6425e

    • SHA512

      784ba69eaed316d0dda71594b8d7139763f7ec2307d9cd09fc1742fd9798bee285f906856603aa15ca035b34a6dca655cb28db31f85f909374d234bc7aba3036

    • SSDEEP

      6144:AYa6RBgLagUpQmFiK40z85vc/AYO7go7dvb9b5:AYx26QVK40zVsgC/

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks