General
-
Target
2fbe2d59c59fc956c1895f59757657dc.bin
-
Size
6KB
-
Sample
230322-bk75qsea75
-
MD5
7c4496089c7b5da2ed27c228cbb9e081
-
SHA1
3695ab2d4188a896e59cce5e7ab9a9e6f8e15602
-
SHA256
611b1377897f574d551d52bdfd726a13818071fc8605c7af8d19b0d2384cab6d
-
SHA512
363b2b4ae429b50fefd5ce629e1d480b17692df6f7daab66e4dc6f34cd74b504889ebbef9bdf94766a6c9cb427cf7bf947f3f4f380c0ee8246c32e93aaf4c075
-
SSDEEP
96:M9bP4H5kCvT3blukYkvID7eI4H96AH+HCHw7p+527XXzRXXUajRFiROB8O2z9B:MKHeCvfkkYFDiI4HXeV74Y1ESFiq2zz
Static task
static1
Behavioral task
behavioral1
Sample
BBVA REMITANCE PDF.vbs
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
BBVA REMITANCE PDF.vbs
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
BBVA REMITANCE PDF.vbs
-
Size
11KB
-
MD5
a3e1e0656418b73ed6c01a5e81cab3fe
-
SHA1
eaf764c590b1e8bf83c6099025800cb2659c88d1
-
SHA256
7cdead7bbbb2d7719151b78fca01d9edd4811852c14cdf3034926db09afadeff
-
SHA512
88b2218c4d2fc0f377d4d032a281b9570dc121219d573e5a12ced33420dc48dad2528e7b4e39f974ebe6c74155dcebef9818a053312291c2a470ff25f15dbfef
-
SSDEEP
192:UueqaOrAY2CyGlxgL4rMS2octfPVYS/1UTKeZ7AkDnA4m0H:UbqayAPbGlxg0rWtHSS/1U/tAknH
-
Blocklisted process makes network request
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-