Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

PLANT PROJ...df.exe

windows7-x64

10

PLANT PROJ...df.exe

windows10-2004-x64

8

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...ge.dll

windows7-x64

1

$PLUGINSDI...ge.dll

windows10-2004-x64

1

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PLANT PROJECT PROPOSAL BID_24-0676·pdf.exe

  • Size

    661KB

  • Sample

    240628-m4jf9swbqh

  • MD5

    74336e7da7a408aaa8294da6f6aac32a

  • SHA1

    6580cf46066ea303fd79f59a714e28a7c94407ac

  • SHA256

    6ffd9cb38cde78ef56ec635621c3f432ff095bede0cdf72b27ea41d4ad45cab4

  • SHA512

    f897d959b2d1e251fb029207b7039870ebbad6302a0e1628d3005f7fd83eff8fd542e7af86b60b51ea004dad8dcdeb0a92666160afe85acbeb797bd556ebfeed

  • SSDEEP

    12288:zsB4GOaH78odDXrppDwLZpsh3uq8RXFeWM:I4GOedDbnsLZWhSRXFY

Score
10/10
guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

Malware Config

Targets

    • Target

      PLANT PROJECT PROPOSAL BID_24-0676·pdf.exe

    • Size

      661KB

    • MD5

      74336e7da7a408aaa8294da6f6aac32a

    • SHA1

      6580cf46066ea303fd79f59a714e28a7c94407ac

    • SHA256

      6ffd9cb38cde78ef56ec635621c3f432ff095bede0cdf72b27ea41d4ad45cab4

    • SHA512

      f897d959b2d1e251fb029207b7039870ebbad6302a0e1628d3005f7fd83eff8fd542e7af86b60b51ea004dad8dcdeb0a92666160afe85acbeb797bd556ebfeed

    • SSDEEP

      12288:zsB4GOaH78odDXrppDwLZpsh3uq8RXFeWM:I4GOedDbnsLZWhSRXFY

    Score
    10/10
    guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      6KB

    • MD5

      6def2cf3daf850acdc1a3e7340a439c4

    • SHA1

      95d0d26f60cd5af697502cd5e53a54913ab188fb

    • SHA256

      3ec3cf21a99ab0533ec2c451df3b5542733f70b972089d5c321ad7ae3b87d175

    • SHA512

      16b1cf4783284d4a1282c569f5c416c713b4b339efcd4d3948bdf7da2194c597bd732d07ba9fabafcab323ba8c8da68845d4435ab9d1916b1810087ee1f5c413

    • SSDEEP

      96:bNcIcmLEjNev3O2obNnNlXUjDftqlqCstWpFwoS:yIpLSG3O9XX+qlqntWpF

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/BgImage.dll

    • Size

      7KB

    • MD5

      2bb17d45e5ad92053ce1e500408dd8a9

    • SHA1

      f5d3a7ee6e28df532e9ce33976c92ff30a5665e4

    • SHA256

      71ce676703dad028e4083e6b960b1ed89885877079d46d5021506eaa6d99db53

    • SHA512

      efdcb476b9b9b5691fe6b9cd77ecbe48d50c6683da01fd51c6b428cc262528fb3dcd295abe28718321b2307b0e032fcb599588f1eb00a93fd9e6a1f7b322b41f

    • SSDEEP

      96:8eXR0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkNnLiEQjJ3KxkP:tvBfjbUA/85q3wEh8uLmsLpmP

    Score
    1/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      8ef0e4eb7c89cdd2b552de746f5e2a53

    • SHA1

      820f681e7cec409a02b194a487d1c8af1038acf0

    • SHA256

      41293b9f6588e0fbdc8fcf2a9bd8e2b244cd5ff038fc13033378da337219c9dc

    • SHA512

      a68533e8a19637d0d44219549b24baba0dc4824424842f125600fda3edcafc4bb6bb340d57a00815f262d82373b440d58d6e4e5b2ceb29bb3f6bc4cbde66c3c5

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      c129bc26a26be6f5816a03520bb37833

    • SHA1

      18100042155f948301701744b131c516bf26ddb8

    • SHA256

      d3694fa0503158194129d113fcc1c83177ff5a5f93d898ce0bcfe9ce12f06bf4

    • SHA512

      dbe79859c41e00a6e951cee889e7f0de29a712792fb531662285a2d6e384884518c7d5d983894c185b3d31d81213d2477cf4576b0114d352b759fe07a1704e63

    • SSDEEP

      96:y7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:8ygp3FcHi0xhYMR8dMqJVgN

    Score
    3/10
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.