
General

  • Target

    rSkeledes.exe

  • Size

    503KB

  • Sample

    231012-q628yach5x

  • MD5

    ea1d99e95c51be095f8271952b26acb8

  • SHA1

    1172ff4e5d077d79f47f81f1e4ec3288ec608799

  • SHA256

    d2a7db4b5d96370d8693b3e204af84f3b607ccd744b204e1a3321e007d9ab8c4

  • SHA512

    42f57e99a0a2a534b7c1ca89515c43212ab2c7df394f03186b526a4d3ec78385af502692cfbe631ecd984175232d9a6e13bc4e893ad0abee65434e9abb9c1bdd

  • SSDEEP

    12288:6wc+rgbIhKjQfDDPURqqwYb7csVLuKOEy41cdgev+AVRUj0DgUDsR:6WrgbIwQfDwRq9Yb7cQdb1cGlGR4y0

Score
10/10

Targets

    • Target

      rSkeledes.exe

    • GuLoader (CloudEyE)

      A shellcode-based downloader first seen in 2020. It runs as position-independent shellcode, fetches an encrypted payload from a remote host and decrypts it in memory, and ships with extensive anti-analysis checks.

    • Checks QEMU agent file

      Checks whether the QEMU guest agent is present on disk; its presence indicates a QEMU/KVM virtual machine (a sandbox) rather than a victim's host.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the run.

    • Legitimate hosting services abused for malware hosting/C2

      Network traffic goes to a legitimate hosting service, used to stage the payload or as C2 in place of attacker-owned infrastructure.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context, the step that redirects execution into injected code in process hollowing and related injection techniques.
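The four behavioural signatures above can be reproduced as simple rules over a sandbox API trace. The block below is an example added to this report, not tria.ge's own signature code: the event schema (one dict per API call with `pid`, `api`, `args` and `ret`), the qemu-guest-agent path patterns and the `target_pid` argument on injection calls are assumptions, and the trace it runs on is constructed for the example rather than recorded from rSkeledes.exe.

```python
import re

# ThreadInformationClass value that hides a thread from an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Paths that betray a QEMU/KVM guest (qemu-guest-agent install locations).
# Assumed list for this example, not tria.ge's signature definition.
QEMU_AGENT_PATTERNS = [
    re.compile(r"\\qemu-ga\\", re.IGNORECASE),
    re.compile(r"qemu-ga\.exe$", re.IGNORECASE),
    re.compile(r"\\qemu-guest-agent\\", re.IGNORECASE),
]

FILE_PROBE_APIS = {"NtQueryAttributesFile", "NtCreateFile", "NtOpenFile",
                   "CreateFileW", "GetFileAttributesW"}
FILE_WRITE_APIS = {"NtWriteFile", "WriteFile"}
DLL_LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW", "LdrLoadDll"}


def _path(event):
    """Pull the file path argument out of an event, whatever the API named it."""
    args = event.get("args", {})
    for key in ("FileName", "lpFileName", "lpLibFileName"):
        if key in args:
            return args[key]
    return ""


def checks_qemu_agent(trace):
    """'Checks QEMU agent file': any probe of a qemu-guest-agent path.
    The call need not succeed; on a real victim host it fails with
    STATUS_OBJECT_NAME_NOT_FOUND, which is exactly what the sample wants."""
    return any(ev["api"] in FILE_PROBE_APIS
               and any(p.search(_path(ev)) for p in QEMU_AGENT_PATTERNS)
               for ev in trace)


def hides_thread_from_debugger(trace):
    """'Suspicious use of NtSetInformationThreadHideFromDebugger' (class 0x11)."""
    return any(ev["api"] == "NtSetInformationThread"
               and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
               for ev in trace)


def sets_remote_thread_context(trace):
    """'Suspicious use of SetThreadContext': the context is written to a thread
    owned by another process, the execution-redirect step of process hollowing.
    Setting the context of a thread in the sample's own process is not flagged."""
    return any(ev["api"] == "SetThreadContext"
               and ev["args"].get("target_pid") is not None
               and ev["args"]["target_pid"] != ev["pid"]
               for ev in trace)


def loads_dropped_dll(trace):
    """'Loads dropped DLL': a DLL is loaded from a path this run wrote to first."""
    written = set()
    for ev in trace:
        path = _path(ev).lower()
        if ev["api"] in FILE_WRITE_APIS and path:
            written.add(path)
        elif ev["api"] in DLL_LOAD_APIS and path in written:
            return True
    return False


SIGNATURES = [
    ("Checks QEMU agent file", checks_qemu_agent),
    ("Loads dropped DLL", loads_dropped_dll),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hides_thread_from_debugger),
    ("Suspicious use of SetThreadContext", sets_remote_thread_context),
]


def run_signatures(trace):
    """Return the names of the signatures that fire on this trace, in table order."""
    return [name for name, check in SIGNATURES if check(trace)]


# Constructed trace, one event per API call in the assumed schema.
# This is NOT the recorded trace of rSkeledes.exe.
SAMPLE_TRACE = [
    {"pid": 1234, "api": "NtQueryAttributesFile",
     "args": {"FileName": r"C:\Program Files\qemu-ga\qemu-ga.exe"}, "ret": 0xC0000034},
    {"pid": 1234, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x11}, "ret": 0},
    {"pid": 1234, "api": "WriteFile",
     "args": {"FileName": r"C:\Users\user\AppData\Local\Temp\helper.dll"}, "ret": 1},
    {"pid": 1234, "api": "LoadLibraryW",
     "args": {"lpLibFileName": r"C:\Users\user\AppData\Local\Temp\helper.dll"}, "ret": 0x10000000},
    {"pid": 1234, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\System32\svchost.exe",
              "dwCreationFlags": 0x4}, "ret": 1},
    {"pid": 1234, "api": "NtUnmapViewOfSection",
     "args": {"ProcessHandle": 0x1F8, "target_pid": 5678}, "ret": 0},
    {"pid": 1234, "api": "SetThreadContext",
     "args": {"hThread": 0x1FC, "target_pid": 5678}, "ret": 1},
]

if __name__ == "__main__":
    for name in run_signatures(SAMPLE_TRACE):
        print(name)
```

The QEMU check deliberately ignores the return value: the probe is the tell, and a failed lookup is the expected result on a real victim machine. The SetThreadContext rule only fires for a thread in a different process so that legitimate use on the sample's own threads (exception handlers, fibres) does not count.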
