
General

  • Target: 008100179377_INV_AWB_20230329.exe
  • Size: 339KB
  • Sample: 230403-gmfq6ada79
  • MD5: 8ee10213a8319fdec8c2229e264a01d4
  • SHA1: c4e084201355eb124444d2ef58e049386fd0fb39
  • SHA256: 4506e6e700c4e9b899f09c826a0d34a4a601654ce891dec0fe5a62dbb89f82e7
  • SHA512: 5f1ff49411157502a73b89e481f69d35c710e9d4b9340beadd5b92ac59ecc3ff7347597ac42c65393bc9b32821b8f4b86bf5135f28450fb55812a4f0dd1c4298
  • SSDEEP: 6144:yPXlu0E/c84v3K/qVkEizYgANMNMK9QlOMMWVJvVyn2hsXWyVjrKr:5/GvK/qDiLBKfIWVJvV6C/ypa

Score: 10/10

Targets

    • Guloader, Cloudeye
      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file
      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
