General

  • Target

    Remesas Aceptadas_PDF.exe

  • Size

    353KB

  • Sample

    230821-n6e3ascf82

  • MD5

    5eac01eb48b833581db348bc8ab49932

  • SHA1

    76adbcf9ffd7c737a513c61412c74a8acb9832d2

  • SHA256

    b48a5ebf4d21ce938606b70952e053ff15581a50d96e1e2cec000a8173edade3

  • SHA512

    dddf71de0f660ef623811091c95f7779ffb14e1974b7fe83c37be570cd5c731470be3d6d2cf67ff2745e7c756acb6cd208c552428a9ddd86e66ff9487d636b2d

  • SSDEEP

    6144:kQ606xiZ8/J8UwuB58YjMo3LNkW0IqWNhPyXgeXyy4WUviQX2EMKedJje:fZ8/Sg8doLOWJd7DdevK

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.clinicademiguel.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    consta*46737

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader, first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks