General

  • Target

    dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde.vbs

  • Size

    25KB

  • Sample

    240608-b1hvsafc2z

  • MD5

    e21aac072a10d80842d362743e1ffa59

  • SHA1

    d8b3aeffe2eedc17e06bafecd26b603c6a8908b9

  • SHA256

    dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde

  • SHA512

    7046ea4afb9ce9b490bf4fd7f2db533bded2eefc88dc64a80809f5e7fef6d184b2259a15cb06f6f1ebb92dcbd1a9b5f8d471ae1201557d07075827ad2a7ffa78

  • SSDEEP

    384:r0Dk2uAnMKYHzkvaZGxeecfCPNPh7ZbIxUXGDZ6SMTXJ7pZXi7m4d4ud0oekM25z:r0o2/YHocW9ZUxa6K5i5B75aFzoWLv3K

Score
10/10

Malware Config

Targets

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext