General

  • Target

    eec2c1539eebe98ff2430443c84b502c_JaffaCakes118

  • Size

    72KB

  • Sample

    240921-a7wvjsxcnb

  • MD5

    eec2c1539eebe98ff2430443c84b502c

  • SHA1

    0321261ab00e21f04e6fce3b1d4bfe3922ed3cbd

  • SHA256

    bfa21c905d4138da6271a80bf8bbe683a5803a5653555c116151e28c1539f79e

  • SHA512

    e22d1d910337611b56230c4272ebf2b147d0e68b6943c3fe94fb328d966a152b27ec0ad0ff42fbf145e406d8d5de1e472e640d6f71d440707c86522e93871cab

  • SSDEEP

    768:QsUuSrrHS7KljKrdFbCAX6e37Gy09BHqvgJtnvqfYfvhnEHqU09bS7KljKrdFbCK:QsKrr7ATfWHlvVEHp6ATbrr

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=19zRmRWEbe_tvCeYLoFlJAOjP43TkIzc3

xor.base64

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks