General
- Target: Remesas Aceptadas_PDF.exe
- Size: 353KB
- Sample: 230821-n6e3ascf82
- MD5: 5eac01eb48b833581db348bc8ab49932
- SHA1: 76adbcf9ffd7c737a513c61412c74a8acb9832d2
- SHA256: b48a5ebf4d21ce938606b70952e053ff15581a50d96e1e2cec000a8173edade3
- SHA512: dddf71de0f660ef623811091c95f7779ffb14e1974b7fe83c37be570cd5c731470be3d6d2cf67ff2745e7c756acb6cd208c552428a9ddd86e66ff9487d636b2d
- SSDEEP: 6144:kQ606xiZ8/J8UwuB58YjMo3LNkW0IqWNhPyXgeXyy4WUviQX2EMKedJje:fZ8/Sg8doLOWJd7DdevK
Static task
- static1
Behavioral tasks
- behavioral1: sample Remesas Aceptadas_PDF.exe, resource win7-20230712-en
- behavioral2: sample Remesas Aceptadas_PDF.exe, resource win10v2004-20230703-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.clinicademiguel.com
- Port: 587
- Username: [email protected]
- Password: consta*46737
The extracted configuration is a mail account rather than a C2 URL: port 587 is the SMTP submission port, so the sample reports back by sending e-mail through this mailbox. The host, port and credentials above are the network indicators to block and to hunt for in outbound connection logs.
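One way to turn the extracted SMTP configuration into a hunt, as an added example that is not part of the Triage report: it scans a constructed, simplified firewall export (ts,src_ip,dst_host,dst_port; the format, the corporate relay allow-list and the list of IP-lookup services are assumptions for illustration) for the exfil host and port above, for submission-port traffic to mail hosts that are not expected relays, and for the external-IP lookups the signatures below describe, then correlates per source address.

```python
"""Hunt for the SMTP exfil channel from the sandbox's extracted config.

Added example, not Triage's code. The log lines are constructed; the
log format, the relay allow-list and the IP-lookup host list are
assumptions for illustration.
"""
from dataclasses import dataclass

# Values from the extracted config above.
EXFIL_CONFIG = {"protocol": "smtp", "host": "mail.clinicademiguel.com", "port": 587}

# Mail relays that legitimately carry outbound submission traffic.
# Placeholder: replace with the real relays of the environment.
MAIL_RELAY_ALLOWLIST = {"smtp.corp.example"}

# Public IP-lookup services often contacted to learn the victim's external
# address. Illustrative list; the report does not say which one was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org", "ipinfo.io"}


@dataclass(frozen=True)
class Hit:
    ts: str
    src_ip: str
    dst_host: str
    dst_port: int
    reason: str


def parse_line(line: str):
    """Split one 'ts,src_ip,dst_host,dst_port' record (assumed format)."""
    ts, src_ip, dst_host, dst_port = line.strip().split(",")
    return ts, src_ip, dst_host.lower(), int(dst_port)


def classify(dst_host: str, dst_port: int):
    """Return the reason a connection is interesting, or None."""
    if dst_host == EXFIL_CONFIG["host"] and dst_port == EXFIL_CONFIG["port"]:
        return "exfil host+port from extracted config"
    if dst_host == EXFIL_CONFIG["host"]:
        return "exfil host from extracted config (unexpected port)"
    if dst_port == EXFIL_CONFIG["port"] and dst_host not in MAIL_RELAY_ALLOWLIST:
        return "submission port 587 to non-allowlisted mail host"
    if dst_host in IP_LOOKUP_HOSTS:
        return "external IP lookup service"
    return None


def hunt(lines):
    """Scan log records and return the matching connections as Hit objects."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, host, port = parse_line(line)
        reason = classify(host, port)
        if reason:
            hits.append(Hit(ts, src, host, port, reason))
    return hits


def correlate(hits):
    """Source IPs that both queried an IP-lookup service and reached the exfil
    mail host: the combination the report's signatures and config describe."""
    by_src = {}
    for h in hits:
        by_src.setdefault(h.src_ip, set()).add(h.reason)
    return sorted(
        src for src, reasons in by_src.items()
        if "external IP lookup service" in reasons
        and any(r.startswith("exfil host") for r in reasons)
    )


# Constructed sample log for illustration only.
SAMPLE_LOG = """\
# constructed sample log: ts,src_ip,dst_host,dst_port
2023-08-21T11:05:01Z,10.0.0.23,api.ipify.org,443
2023-08-21T11:05:02Z,10.0.0.23,mail.clinicademiguel.com,587
2023-08-21T11:05:03Z,10.0.0.23,smtp.corp.example,587
2023-08-21T11:05:04Z,10.0.0.44,www.microsoft.com,443
2023-08-21T11:06:10Z,10.0.0.51,mail.example.net,587
""".splitlines()

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f"{h.ts} {h.src_ip} -> {h.dst_host}:{h.dst_port}  [{h.reason}]")
    print("hosts with lookup + exfil:", correlate(hunt(SAMPLE_LOG)))
```

The allow-listed relay on port 587 is deliberately not reported, so the rule stays quiet on normal mail clients; a workstation that pairs an IP lookup with a connection to the extracted host is the strongest signal and is what `correlate` returns.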
Targets
- Target: Remesas Aceptadas_PDF.exe
- Size: 353KB
- MD5: 5eac01eb48b833581db348bc8ab49932
- SHA1: 76adbcf9ffd7c737a513c61412c74a8acb9832d2
- SHA256: b48a5ebf4d21ce938606b70952e053ff15581a50d96e1e2cec000a8173edade3
- SHA512: dddf71de0f660ef623811091c95f7779ffb14e1974b7fe83c37be570cd5c731470be3d6d2cf67ff2745e7c756acb6cd208c552428a9ddd86e66ff9487d636b2d
- SSDEEP: 6144:kQ606xiZ8/J8UwuB58YjMo3LNkW0IqWNhPyXgeXyy4WUviQX2EMKedJje:fZ8/Sg8doLOWJd7DdevK
- Score: 10/10
Signatures
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
  A DLL written to disk during execution is subsequently loaded by the sample.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
  A thread is created with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag (0x4), so an attached debugger never receives events for it.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread is called with the ThreadHideFromDebugger information class (0x11), the classic anti-debug call that hides an existing thread from a debugger.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual way to redirect a suspended thread to code written there with WriteProcessMemory, the thread-hijacking step of process hollowing and similar injection.
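The three anti-debug and thread-hijacking signatures above are defined by specific API arguments rather than by the API name alone. The following added example (not Triage's detection logic) applies those checks to a constructed API-call trace; the trace format ("pid tid api key=value ...") is an assumption for illustration, while the constants are the documented Windows values: ThreadHideFromDebugger is information class 0x11 for NtSetInformationThread, and THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER is 0x4 for NtCreateThreadEx.

```python
"""Classify the calls behind the HideFromDebugger and SetThreadContext
signatures over a constructed API-call trace.

Added example, not Triage's code. The trace format is assumed; the
constants are the documented Windows values.
"""
import shlex
from dataclasses import dataclass, field

THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit


@dataclass
class Call:
    pid: int
    tid: int
    api: str
    args: dict = field(default_factory=dict)


def parse_trace(lines):
    """Parse 'pid tid api key=value ...' records (assumed format)."""
    calls = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        pid, tid, api = int(parts[0]), int(parts[1]), parts[2]
        args = {}
        for kv in parts[3:]:
            key, _, value = kv.partition("=")
            args[key] = value
        calls.append(Call(pid, tid, api, args))
    return calls


def to_int(value: str) -> int:
    """Accept hex (0x..) or decimal argument values."""
    return int(value, 0)


def detect(calls):
    """Return (signature, pid, detail) tuples for the suspicious calls."""
    findings = []
    wrote_to = set()  # (pid, target_pid) pairs seen in WriteProcessMemory
    for c in calls:
        if (c.api == "NtSetInformationThread"
                and to_int(c.args.get("ThreadInformationClass", "0")) == THREAD_HIDE_FROM_DEBUGGER):
            findings.append(("NtSetInformationThreadHideFromDebugger", c.pid,
                             f"thread handle {c.args.get('ThreadHandle')}"))
        elif (c.api == "NtCreateThreadEx"
                and to_int(c.args.get("CreateFlags", "0")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            findings.append(("NtCreateThreadExHideFromDebugger", c.pid,
                             f"start address {c.args.get('StartAddress')}"))
        elif c.api == "WriteProcessMemory":
            target = int(c.args["TargetPid"])
            if target != c.pid:
                wrote_to.add((c.pid, target))
        elif c.api == "SetThreadContext":
            target = int(c.args["TargetPid"])
            if target != c.pid:
                # Cross-process SetThreadContext after a write into the same
                # target is the thread-hijack step of hollowing/injection.
                how = ("after WriteProcessMemory into target"
                       if (c.pid, target) in wrote_to else "cross-process")
                findings.append(("SetThreadContext", c.pid, f"target pid {target}, {how}"))
    return findings


# Constructed trace for illustration only; handles, pids and addresses are made up.
SAMPLE_TRACE = """\
# constructed trace: pid tid api key=value ...
4100 4104 NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x11
4100 4104 NtCreateThreadEx ProcessHandle=0xffffffff CreateFlags=0x4 StartAddress=0x401000
4100 4104 WriteProcessMemory TargetPid=4322 BaseAddress=0x400000 Size=0x1a000
4100 4104 SetThreadContext TargetPid=4322 ThreadHandle=0x1c4
4100 4104 NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x9
""".splitlines()

if __name__ == "__main__":
    for sig, pid, detail in detect(parse_trace(SAMPLE_TRACE)):
        print(f"pid {pid}: {sig} ({detail})")
```

The last trace line uses a different information class and is not flagged: the signal is the 0x11 class (or the 0x4 creation flag), not the API name, which benign runtimes also call. The SetThreadContext finding is rated higher when the same process previously wrote into the target, which is the sequence that distinguishes injection from a debugger or profiler adjusting its own threads.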