General

  • Target

    18042024_2336_18042024_Спецификация контракта Казахстан – Российская Федерация.7z

  • Size

    390KB

  • Sample

    240418-s1zlzaha25

  • MD5

    ec38e1a16d10b110a4120717bd0b355a

  • SHA1

    8d2a53416232001021d5bf25874fed1a0749e134

  • SHA256

    de894dce10bfc232aea2d9fa74e16c298d22caf5931eafec5e6476d16c33d983

  • SHA512

    bef7f48afaef698d77a915a6ed772412054ec98ec9be30b79019f340866ca527bf6e3c8ac610aa6b01bba47e43d92d2728b29b6e5ddf1e8453361b00d92cd8b7

  • SSDEEP

    6144:GMWXzBipZ+tNYb0TvNGLNYpelNywrz7wIkDalZpvR0dzBRwsLydxY75yJ6lhivOO:Gpccq4T+Ype3wIoaXEzvwsLOxYphUOwx

Malware Config

Targets

    • Target

      Спецификация контракта Казахстан – Российская Федерация.exe

    • Size

      517KB

    • MD5

      a6b7d5f2bfefda4b0663a7ba6bbc041c

    • SHA1

      c5f5c00c55140cdddd198c32e5639ab41c0166db

    • SHA256

      fc682a6fc3ac615b76230f7d1418e9d1b0f325e8d4a23df978453d07c9ce5f43

    • SHA512

      9df274c79609c787836563ce606b0c5b4aba8a8e00a27ffc6b98cc1a9e66dfb6d4f276f4495194cfe471661ce30138439bb96b46d6f2dedd82e1494078187bd3

    • SSDEEP

      12288:fzA/ggggjiOW6Ype3OIo+X2zvysLOxwph8Ow+:U/ggggji56Ykq+XoysLMo8Ow+

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Fellator/Paletter/Lowbyte/Avanceringen157/Rekrt.Bal

    • Size

      56KB

    • MD5

      2354362f1cb0a39baef7da6969832048

    • SHA1

      ed2a3597370eea69ea017af285c99d1b60556a0c

    • SHA256

      f5129323c012e960d4b1a619a95757cc81675275e4c795883004c54da5ed3bb2

    • SHA512

      a09dbc69627bd42180fe9cf8fc7234798e30296de3a2b35a0c071e7507d9a63a5dc3f0873183a8bd93e929e05ea5d647323cf2905f4550cfb8cc5ee07353999a

    • SSDEEP

      1536:cNNoZXAoFiKJ3QQkAZAheVVkK95OhXOEFcKNmRAbUmptcI:cNWZJU+Y6MOVvWUKNsA4mgI

    Score
    8/10
    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
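The report lists its findings as signature names only. The following is an added example, not tria.ge's own code, showing how such behavioural signatures can be re-derived from an API call trace: it flags the two hide-from-debugger anti-debug calls, SetThreadContext after a cross-process write (the hollowing step), the Run-key and Active Setup "Installed Components" persistence writes, and enumeration of drive roots other than C:. The trace format (`<pid> Api(arg=value, ...)`) and every line of `SAMPLE_TRACE` are constructed for illustration; the Windows constants (`THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4`, `ThreadHideFromDebugger = 0x11`) are the real values.

```python
"""Re-derive behavioural signatures from a sandbox API trace.

Added example, not tria.ge code. The trace schema and SAMPLE_TRACE below are
constructed; real sandboxes emit their own formats and correlate handles.
"""
import re

# Real ntdll / SDK values.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4   # NtCreateThreadEx CreateFlags bit
THREAD_HIDE_FROM_DEBUGGER = 0x11               # THREADINFOCLASS for NtSetInformationThread

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\Software\\Microsoft\\Active Setup\\Installed Components\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-Z]:\\$", re.I)

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
ARG_RE = re.compile(r"(\w+)=([^,]+)")

# Constructed trace (one call per line). Process/thread handles and paths are invented.
SAMPLE_TRACE = """\
1234 NtSetInformationThread(Thread=0xfc, Class=0x11)
1234 NtCreateThreadEx(Process=0xffffffff, Flags=0x4, Start=0x00401000)
1234 CreateProcessW(App=C:\\Windows\\SysWOW64\\target.exe, Flags=0x4)
1234 WriteProcessMemory(Process=0x1a4, Base=0x00400000, Size=0x7e000)
1234 SetThreadContext(Thread=0x1a8, Eip=0x0040a5b0)
1234 NtResumeThread(Thread=0x1a8)
5678 RegSetValueExW(Key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run, Name=Rekrt, Data=C:\\Users\\u\\AppData\\Roaming\\Rekrt.exe)
5678 RegSetValueExW(Key=HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{0000}, Name=StubPath, Data=C:\\x.exe)
5678 GetDriveTypeW(Path=C:\\)
5678 GetDriveTypeW(Path=D:\\)
5678 GetDriveTypeW(Path=E:\\)
"""


def parse_trace(text):
    """Return a list of (pid, api, {arg: value}) tuples; unparseable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {k: v.strip() for k, v in ARG_RE.findall(m["args"])}
        calls.append((int(m["pid"]), m["api"], args))
    return calls


def _num(value):
    """Parse a decimal or 0x-prefixed hex argument; missing values count as 0."""
    return int(value, 0) if value else 0


def triage(text):
    """Return the sorted list of signature names triggered by the trace."""
    hits = set()
    wrote_remote = set()   # pids that wrote into another process
    other_roots = set()    # drive roots other than C:\ that were probed
    for pid, api, a in parse_trace(text):
        if api == "NtSetInformationThread" and _num(a.get("Class")) == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        elif api == "NtCreateThreadEx" and _num(a.get("Flags")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtCreateThreadExHideFromDebugger")
        elif api == "WriteProcessMemory":
            wrote_remote.add(pid)
        elif api == "SetThreadContext" and pid in wrote_remote:
            # Rewriting a thread context after a cross-process write is the
            # hollowing pattern; a real engine would also match the handles.
            hits.add("Suspicious use of SetThreadContext")
        elif api.startswith("RegSetValueEx"):
            key = a.get("Key", "")
            if RUN_KEY_RE.search(key):
                hits.add("Adds Run key to start application")
            elif ACTIVE_SETUP_RE.search(key):
                hits.add("Modifies Installed Components in the registry")
        elif api.startswith("GetDriveType"):
            root = a.get("Path", "")
            if DRIVE_ROOT_RE.match(root) and root.upper() != "C:\\":
                other_roots.add(root.upper())
    if other_roots:
        hits.add("Enumerates connected drives")
    return sorted(hits)


if __name__ == "__main__":
    for name in triage(SAMPLE_TRACE):
        print(name)
```

The hide-from-debugger checks are exact (the flag bit and the information class are fixed values); the SetThreadContext and drive-enumeration rules are heuristics and are where a real engine would spend its effort on handle correlation and false-positive suppression.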

MITRE ATT&CK Enterprise v15

Tasks