Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

MalwareBazaar.exe

windows7-x64

10

MalwareBazaar.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MalwareBazaar.16

  • Size

    398KB

  • Sample

    240709-nf8xpatbkg

  • MD5

    b1c35e78f5d588430c4f534479def9f2

  • SHA1

    f787dd3327ca04361935f74867f76f16821db99f

  • SHA256

    4412e46cdfffa346ea1d4e07b30077ccaa09fe1cbbe6f9965df193f2e063f4b7

  • SHA512

    5f78e6794ae313f5ca96c33fe0ecf0c882a18a93caa54bf92823ac42c5c753b6a98d4c77618de2b62cbc9d24e6e500272e4ffa7b25afff20b7e8349fc278a66c

  • SSDEEP

    12288:9GkmNVhJhqnfP30YhNia+nv4tQD3W/P19QY:9GkmPh7qfPrsQeD3W/bd

Score
10/10
guloadercollectiondownloaderevasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      MalwareBazaar.16

    • Size

      398KB

    • MD5

      b1c35e78f5d588430c4f534479def9f2

    • SHA1

      f787dd3327ca04361935f74867f76f16821db99f

    • SHA256

      4412e46cdfffa346ea1d4e07b30077ccaa09fe1cbbe6f9965df193f2e063f4b7

    • SHA512

      5f78e6794ae313f5ca96c33fe0ecf0c882a18a93caa54bf92823ac42c5c753b6a98d4c77618de2b62cbc9d24e6e500272e4ffa7b25afff20b7e8349fc278a66c

    • SSDEEP

      12288:9GkmNVhJhqnfP30YhNia+nv4tQD3W/P19QY:9GkmPh7qfPrsQeD3W/bd

    Score
    10/10
    guloaderdownloaderexecutionpersistencecollectionevasiontrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • UAC bypass

      evasiontrojan

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Accesses Microsoft Outlook accounts

      collection

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks