General

  • Target

    04072024_0308_03072024_waybill_shipping_documents_original_BL_CI&PL_03_07_2024_00000000_doc.7z

  • Size

    15KB

  • Sample

    240704-dm2f3stbma

  • MD5

    eb808525398bb89826b47b550c343faf

  • SHA1

    58e43e5d424fb517b6467c9784d2f0c60925e744

  • SHA256

    cbeaa69112438979b62158313337d7adca7208826cd4ce4ab19504bb0897bae4

  • SHA512

    63424805de2d30840d69d251b4f87533bbb48a90bb9a148835765df5a32cb1d566886fbed32e0f0cebff70c3b42e30c44e974caa259fd5d74971bf9e60aca237

  • SSDEEP

    384:tyPtoWoYlw1IB7wJ+zgwoOGnPaB1ZH0G+P7BtS8B/HfXwe+/5:tWyECcwJPnPaB1ZBS7Z/XZI5

Malware Config

Targets

    • Target

      waybill_shipping_documents_original_BL_CI&PL_03_07_2024_00000000_doc.vbs

    • Size

      26KB

    • MD5

      503813637a43724a817bf18d9f8b6610

    • SHA1

      c44800bcab2246b8cea09d9c8e8b56d461a634cc

    • SHA256

      027478d4f38530836abfa6819748b88b4b540d0a27090903d697a5d3e555535e

    • SHA512

      486ac7e3b46725c0da9f27051d6b657a59746a99d2788ccf971096ab8b920dcb3547acc320ca83d064a639694f992b917705bfb839729ac3473237a12ce2bb4e

    • SSDEEP

      384:VBlzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgww74LKQKhOAp:ZzSR022X/523S0e8xPPm+Tmq5qPtxhgz

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks