General

  • Target

    AWBSHIPPING-DHL-46T6R9764987.vbs

  • Size

    42KB

  • Sample

    240430-lsyalshf5s

  • MD5

    13c8293c8c161c3c2572a39f2591520a

  • SHA1

    a7c9097d4fc7911db572e1be818e1b9fd6ba9a13

  • SHA256

    014fa04a5028251ea8ed900339ff91f3a040914ef9ceb8b342d7da22aef09119

  • SHA512

    d8add90901ccbc9b62d2a2e5a21cc316475cab94a7ae2e7c900d81a6d7ba67db6d57861d184b847f4fec19065ef76ab6e937d6eec5235051b588ed344d007c95

  • SSDEEP

    768:y5jl4SycO0mAWbs1SDsqc59+yXs6r+aTpJZSpVXQ8hcc2gGxy7qk4aQ1DVkzP/R4:y5j+NcOZAWbs1SgR59lrBJSnX5QhxyzC

Malware Config

Targets

    • Target

      AWBSHIPPING-DHL-46T6R9764987.vbs

    • Size

      42KB

    • MD5

      13c8293c8c161c3c2572a39f2591520a

    • SHA1

      a7c9097d4fc7911db572e1be818e1b9fd6ba9a13

    • SHA256

      014fa04a5028251ea8ed900339ff91f3a040914ef9ceb8b342d7da22aef09119

    • SHA512

      d8add90901ccbc9b62d2a2e5a21cc316475cab94a7ae2e7c900d81a6d7ba67db6d57861d184b847f4fec19065ef76ab6e937d6eec5235051b588ed344d007c95

    • SSDEEP

      768:y5jl4SycO0mAWbs1SDsqc59+yXs6r+aTpJZSpVXQ8hcc2gGxy7qk4aQ1DVkzP/R4:y5j+NcOZAWbs1SgR59lrBJSnX5QhxyzC

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks