General

  • Target

    SKGHM_PE_757583588358839538539599593BeoersKnucklehead_1.7z

  • Size

    47KB

  • Sample

    240607-vs4xtsbd6x

  • MD5

    81154b8137816008b1ef4beaad668a4b

  • SHA1

    8c634ea54f6880b953eea7666fda31a2e4d90e35

  • SHA256

    950908d3fcdebad1d68f28d7e05251fe94f15746e2105eb76335dabc3a1078a6

  • SHA512

    63ab0647d081c0993e5cb1ce94dfbed695ae03911f08e8772def686adb9af3b57cc0959161ca5ba649d1a15130a31c38689f487c7c27aca560af4f98828df3e9

  • SSDEEP

    768:jcUoj9JkDBHeo/1XEOduqh77bDLfdhO1bZdByXiK8ArAQtblfd0c/BKAirxoXI3t:jcUojqBHeo/1UGV7bDLO1BAiK/HBlfi9

Malware Config

Targets

    • Target

      SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs

    • Size

      154KB

    • MD5

      8993abe6fdbed5a58e5f8806cb1a12d8

    • SHA1

      6f52e232be6a55b0411d2d2bf1e03b01b7388921

    • SHA256

      1d6d36ec589cbecea839e3b4a5156a35f48436847043f2e1f307f6579e7893e2

    • SHA512

      9de0b6554063778d0fec454f0fcb72acc5a1b652aff0f4513254097b6cfdce80c496e330ba93c2bacbabc5437fa508a124eb5e099c0e92dca2d7b70975090bd3

    • SSDEEP

      3072:Gvn9Dm5IXdH7eAlsSyP/ioJbae+nzu6J5RcuXrMLyVZH4lY0Gx2gDwDjNMrt:Gvn9Dm5IXdH7ecsSyP/io9ae+nzu6J5j

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks