Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
DHL_Express_Shipment_Confirmation_Notification_904088477321.vbs
-
Size
22KB
-
Sample
240530-gqwa1sgg9v
-
MD5
5a4ef048a5e3b38a1cfe3813955c1770
-
SHA1
86b17e10f9ce90466020115a3cfbd0ae124289cf
-
SHA256
a7024900ce77051e0df54b2553c5c18a90dafdc92fd8deaa9db50c2da551b549
-
SHA512
0c792d3d9ccef5130b655570dab5c22864696b5796bf0a02718e57a387c8944c3633de65e00a6dcf272f16155e927d818820311099df134776a62a6c4d2c7a64
-
SSDEEP
384:WryE8obOy6raaPOxBROArUfiyV9V4UXTDMm33/QCKPl84de6u8Y+9bkzxXXx5r6:WrwgO/aaPOxBNIdTDM634CKKSP9bsnxo
Malware Config
Targets
-
-
Target
DHL_Express_Shipment_Confirmation_Notification_904088477321.vbs
-
Size
22KB
-
MD5
5a4ef048a5e3b38a1cfe3813955c1770
-
SHA1
86b17e10f9ce90466020115a3cfbd0ae124289cf
-
SHA256
a7024900ce77051e0df54b2553c5c18a90dafdc92fd8deaa9db50c2da551b549
-
SHA512
0c792d3d9ccef5130b655570dab5c22864696b5796bf0a02718e57a387c8944c3633de65e00a6dcf272f16155e927d818820311099df134776a62a6c4d2c7a64
-
SSDEEP
384:WryE8obOy6raaPOxBROArUfiyV9V4UXTDMm33/QCKPl84de6u8Y+9bkzxXXx5r6:WrwgO/aaPOxBNIdTDM634CKKSP9bsnxo
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-