Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target: 5c0efea627341c89a4ee3eb88570f75545c9553997182341247830efee48fc02
  • Size: 11KB
  • Sample: 240917-m4jf9szbpj
  • MD5: d63294b4ba91b928482d64b5c547698d
  • SHA1: 329970dcd4953c0ce0b34594129a390b01b49d55
  • SHA256: 5c0efea627341c89a4ee3eb88570f75545c9553997182341247830efee48fc02
  • SHA512: 7382ec1f6650739797e3e593b30f779c2146fa48f282280160d2cae7c0f4593f4b36e93142b8faad6890a6a81f07afe5ffed58b7f542b7d2d775fa7afe8c29a4
  • SSDEEP: 192:rfhVWZ6ShqRHhQZALjPNx6MUJJMNndXztaYF9HSsd2BuNGMF1vY6ot9nTHV9sQJt:/WZ6ShiPN4KdpaC9ysdHNGwpuT19Vbh

Malware Config

Targets

    • Target: A beérkezett kérelem visszaigazolása.vbe
    • Size: 32KB
    • MD5: 9921d0b5bf80b63899d793f480475cbe
    • SHA1: 424494a62902199accb548a5e071fb457817e5d7
    • SHA256: b340106056e1f66bc231f34fa020dde1bc782b4bff01ab3693a56e03f233b629
    • SHA512: cbca7093bd5f08337ea58351d2e0efe757a28736e072f9d22b32e2cfd9496efadb892ae4735d15f2918e2c89b9361094b261ea7bb73f30c64dcbdf11b277edc2
    • SSDEEP: 384:Z9vOg3OXUAF3JEkNcwcFAMQ1NQz32dCesqQdXy/vZ5mZYOvA9N4:Zp3O73JT8m9gTZesRXkYIQ

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks