Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5445057585...b9.exe

windows7-x64

10

5445057585...b9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5445057585bd359cb8798d33c4d5f2b9

  • Size

    184KB

  • Sample

    231226-e43adadhcm

  • MD5

    5445057585bd359cb8798d33c4d5f2b9

  • SHA1

    adffbbcd0611cc7a52f8d23c71e2a0a3add19d8f

  • SHA256

    3d8e3c85b8910e3dbc426392456ba630c4ee3a6c0a5d93c818e0f5f80e723e5e

  • SHA512

    d8eff83da3c07d0ba19b29f0a065a599bc615a09980b2558974a159ec05f3e3b445e31a4bdb24ce71ec0f9148593af5ceb7dfa468f9c89fe4ee413db50465272

  • SSDEEP

    1536:RBI0auxZD+WtPIRo0ErH4F//yyubFy0aF8:RPjl+WtPI9fk9fJ

Score
10/10
guloaderremcosdownloaderpersistencerat

Malware Config

Targets

    • Target

      5445057585bd359cb8798d33c4d5f2b9

    • Size

      184KB

    • MD5

      5445057585bd359cb8798d33c4d5f2b9

    • SHA1

      adffbbcd0611cc7a52f8d23c71e2a0a3add19d8f

    • SHA256

      3d8e3c85b8910e3dbc426392456ba630c4ee3a6c0a5d93c818e0f5f80e723e5e

    • SHA512

      d8eff83da3c07d0ba19b29f0a065a599bc615a09980b2558974a159ec05f3e3b445e31a4bdb24ce71ec0f9148593af5ceb7dfa468f9c89fe4ee413db50465272

    • SSDEEP

      1536:RBI0auxZD+WtPIRo0ErH4F//yyubFy0aF8:RPjl+WtPI9fk9fJ

    Score
    10/10
    guloaderdownloaderpersistenceremcosrat

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks