General

  • Target: d5ad455fc4cb6eb845f6ec26dacef302.bin
  • Size: 245KB
  • Sample: 230324-cs7plsdf6y
  • MD5: a8220b2fbeb090b649f3a239ef29f896
  • SHA1: ad0a8a60d7cb13afac4f5f766034c27d2a9290ab
  • SHA256: b39885404ea994db97059680fd47dda1ad3570fd2dacb7dd0df0630cf1a8006e
  • SHA512: 0bd30be8bbded33551044660113384977c7454508571154ab897869bedf80cfaab0554be4fba8725f8efced46675690311dd3c0f80828547bc3bf73aa41b6bf4
  • SSDEEP: 6144:se9alTARurPRWVyaZKR95FUDPQujEIvTLIH:71ur2Ze95ODPQuwILW

Malware Config

Targets

    • Target: 6b017394a528be196879753f3c7ae1403aeda629a31b3b6993bc28921521808d.exe
    • Size: 269KB
    • MD5: d5ad455fc4cb6eb845f6ec26dacef302
    • SHA1: 84c38d916ddbd87d7fa5f7e49c4e96798f5adc09
    • SHA256: 6b017394a528be196879753f3c7ae1403aeda629a31b3b6993bc28921521808d
    • SHA512: 27d326988a948e679333a11da041d7b8e7420436810062b1893886c8ed8c53512681befcc228e3fee727210316c325a6e00cc6accf89291f4f5446b80610e77d
    • SSDEEP: 6144:U6dLy5hBL108rM49Avk8/bxqYY7CEUlx0b9B2crhR+/A:k5HL13M49j8/QY1EQxkB/rTj

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks