General
Target: TAX-INVOICE-UAE-UNPAID-NOTIFICATION.vbs
Size: 34KB
Sample: 230508-w269zsdh2z
MD5: 21a4e31b7ca2e4608bf43d2ad901edc3
SHA1: b0e3f0ec85b343fb75bb00fe4fdb3945714d52d2
SHA256: beda408709feea7d2023f328e9c97bf4d090bcfb3948fc4e4d9c5c580d8f5858
SHA512: 68686bfa80bc22521da952707aa38a7d3b0a1caedaef2c6ba436ddaa12bed2dbc41982e650945877ce633f26049dcbbfc946ba486c317b07e5be868ebe379fd2
SSDEEP: 768:7XDUAi25dFuE6dFxAi6EvM6bjUDSXjuISLDIca:7XQV0e76EqOMfa
Static task: static1
Behavioral task: behavioral1
  Sample: TAX-INVOICE-UAE-UNPAID-NOTIFICATION.vbs
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: TAX-INVOICE-UAE-UNPAID-NOTIFICATION.vbs
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: TAX-INVOICE-UAE-UNPAID-NOTIFICATION.vbs
Score: 10/10
Blocklisted process makes network request
Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext