General

  • Target

    132bb6c4728aa2754b10523a06e1d6ad4b571b59a3821c2baef81210d136d30d

  • Size

    41KB

  • Sample

    240916-rw8hmssgjk

  • MD5

    7e4ddcf544043887aa681f00f4d88411

  • SHA1

    cbfea2438100a9bae01a06ccc73b06d51ace1626

  • SHA256

    132bb6c4728aa2754b10523a06e1d6ad4b571b59a3821c2baef81210d136d30d

  • SHA512

    e0156be04e9af473941eb289304a86f03cc77ae0d1d8bb90096ded7291dc6ebb149796f7f296f10e2c38a778a9c23ea322f541b2a27e6ae9dd2f7fbf9f726bab

  • SSDEEP

    384:Z9vOg3no0bPtRwN8Zb8BO7kLkpUJX4T2vz9xboQ8VfiQZykwNDG2R050v2r6Fuo3:Zp3nhaM+JzXgKQYYx9o7V

Malware Config

Targets

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks