General

  • Target: 2fbe2d59c59fc956c1895f59757657dc.bin
  • Size: 6KB
  • Sample: 230322-bk75qsea75
  • MD5: 7c4496089c7b5da2ed27c228cbb9e081
  • SHA1: 3695ab2d4188a896e59cce5e7ab9a9e6f8e15602
  • SHA256: 611b1377897f574d551d52bdfd726a13818071fc8605c7af8d19b0d2384cab6d
  • SHA512: 363b2b4ae429b50fefd5ce629e1d480b17692df6f7daab66e4dc6f34cd74b504889ebbef9bdf94766a6c9cb427cf7bf947f3f4f380c0ee8246c32e93aaf4c075
  • SSDEEP: 96:M9bP4H5kCvT3blukYkvID7eI4H96AH+HCHw7p+527XXzRXXUajRFiROB8O2z9B:MKHeCvfkkYFDiI4HXeV74Y1ESFiq2zz

Malware Config

Targets

    • Target: BBVA REMITANCE PDF.vbs
    • Size: 11KB
    • MD5: a3e1e0656418b73ed6c01a5e81cab3fe
    • SHA1: eaf764c590b1e8bf83c6099025800cb2659c88d1
    • SHA256: 7cdead7bbbb2d7719151b78fca01d9edd4811852c14cdf3034926db09afadeff
    • SHA512: 88b2218c4d2fc0f377d4d032a281b9570dc121219d573e5a12ced33420dc48dad2528e7b4e39f974ebe6c74155dcebef9818a053312291c2a470ff25f15dbfef
    • SSDEEP: 192:UueqaOrAY2CyGlxgL4rMS2octfPVYS/1UTKeZ7AkDnA4m0H:UbqayAPbGlxg0rWtHSS/1U/tAknH

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Blocklisted process makes network request

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks