Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

PLANT PROJ...df.exe

windows7-x64

10

PLANT PROJ...df.exe

windows10-2004-x64

8

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...ge.dll

windows7-x64

1

$PLUGINSDI...ge.dll

windows10-2004-x64

1

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PLANT PROJECT PROPOSAL BID_24-0676·pdf.exe

  • Size

    661KB

  • Sample

    240628-m4jf9swbqh

  • MD5

    74336e7da7a408aaa8294da6f6aac32a

  • SHA1

    6580cf46066ea303fd79f59a714e28a7c94407ac

  • SHA256

    6ffd9cb38cde78ef56ec635621c3f432ff095bede0cdf72b27ea41d4ad45cab4

  • SHA512

    f897d959b2d1e251fb029207b7039870ebbad6302a0e1628d3005f7fd83eff8fd542e7af86b60b51ea004dad8dcdeb0a92666160afe85acbeb797bd556ebfeed

  • SSDEEP

    12288:zsB4GOaH78odDXrppDwLZpsh3uq8RXFeWM:I4GOedDbnsLZWhSRXFY

Score
10/10
guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

Malware Config

Targets

    • Target

      PLANT PROJECT PROPOSAL BID_24-0676·pdf.exe

    • Size

      661KB

    • MD5

      74336e7da7a408aaa8294da6f6aac32a

    • SHA1

      6580cf46066ea303fd79f59a714e28a7c94407ac

    • SHA256

      6ffd9cb38cde78ef56ec635621c3f432ff095bede0cdf72b27ea41d4ad45cab4

    • SHA512

      f897d959b2d1e251fb029207b7039870ebbad6302a0e1628d3005f7fd83eff8fd542e7af86b60b51ea004dad8dcdeb0a92666160afe85acbeb797bd556ebfeed

    • SSDEEP

      12288:zsB4GOaH78odDXrppDwLZpsh3uq8RXFeWM:I4GOedDbnsLZWhSRXFY

    Score
    10/10
    guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      6KB

    • MD5

      6def2cf3daf850acdc1a3e7340a439c4

    • SHA1

      95d0d26f60cd5af697502cd5e53a54913ab188fb

    • SHA256

      3ec3cf21a99ab0533ec2c451df3b5542733f70b972089d5c321ad7ae3b87d175

    • SHA512

      16b1cf4783284d4a1282c569f5c416c713b4b339efcd4d3948bdf7da2194c597bd732d07ba9fabafcab323ba8c8da68845d4435ab9d1916b1810087ee1f5c413

    • SSDEEP

      96:bNcIcmLEjNev3O2obNnNlXUjDftqlqCstWpFwoS:yIpLSG3O9XX+qlqntWpF

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/BgImage.dll

    • Size

      7KB

    • MD5

      2bb17d45e5ad92053ce1e500408dd8a9

    • SHA1

      f5d3a7ee6e28df532e9ce33976c92ff30a5665e4

    • SHA256

      71ce676703dad028e4083e6b960b1ed89885877079d46d5021506eaa6d99db53

    • SHA512

      efdcb476b9b9b5691fe6b9cd77ecbe48d50c6683da01fd51c6b428cc262528fb3dcd295abe28718321b2307b0e032fcb599588f1eb00a93fd9e6a1f7b322b41f

    • SSDEEP

      96:8eXR0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkNnLiEQjJ3KxkP:tvBfjbUA/85q3wEh8uLmsLpmP

    Score
    1/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      8ef0e4eb7c89cdd2b552de746f5e2a53

    • SHA1

      820f681e7cec409a02b194a487d1c8af1038acf0

    • SHA256

      41293b9f6588e0fbdc8fcf2a9bd8e2b244cd5ff038fc13033378da337219c9dc

    • SHA512

      a68533e8a19637d0d44219549b24baba0dc4824424842f125600fda3edcafc4bb6bb340d57a00815f262d82373b440d58d6e4e5b2ceb29bb3f6bc4cbde66c3c5

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      c129bc26a26be6f5816a03520bb37833

    • SHA1

      18100042155f948301701744b131c516bf26ddb8

    • SHA256

      d3694fa0503158194129d113fcc1c83177ff5a5f93d898ce0bcfe9ce12f06bf4

    • SHA512

      dbe79859c41e00a6e951cee889e7f0de29a712792fb531662285a2d6e384884518c7d5d983894c185b3d31d81213d2477cf4576b0114d352b759fe07a1704e63

    • SSDEEP

      96:y7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN738:8ygp3FcHi0xhYMR8dMqJVgN

    Score
    3/10
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks