Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

coredrive.exe

windows7-x64

10

coredrive.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    coredrive.exe

  • Size

    1.6MB

  • Sample

    250305-rr7qjs1lz6

  • MD5

    c6a399eb155322a8cbf1390c118553cb

  • SHA1

    c59b0aa34638e8991358520e29625bb7fb4e3b6b

  • SHA256

    a7c8390922ecfe4e4be4c9ffff567e91298a8bbf96dc96318305f45ec59f5221

  • SHA512

    6437b6ea8990130f8e69b113f6ec8310e8831a80a2cf7ef1d8d16b323729a89c4a00a8900030e77f5671a7a40971e519731ec22519d98d7af29577dcb5dfe44e

  • SSDEEP

    49152:R1aqCQ3KKia9icS8P80nPIIXQocVHmir6QmEGmNyRzs3X:R1aA37ia9iJ800QIXQocVHoEGV

Score
10/10
systembcdefense_evasiondiscoverytrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ak.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    snoopy

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ag.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    qzmp01

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.af.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    junjun26

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.mediacat.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    380335

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ae.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    lavie1027

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    drake97

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.rk-malaysia.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    rkm@2019

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.mediacat.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mspooh3

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ae.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    oceano06

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    chewey01@

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.mcstokes.co.uk
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Holiday1!

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ae.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    skgc4792

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ae.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    morimori

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Sammy1940

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ss.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    syunyou1217

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ca.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    snoopy

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.aw.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    torajiro

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.aw.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    knfymxed

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.aw.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    sasaki

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.aw.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    460831

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.aw.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    132764

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.an.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tera1014

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.an.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    sk1222

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.cg.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    pripri227

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ll.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    nymi0531

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ll.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    team2000

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ll.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    nickfaldo

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ah.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    661224

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ah.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    shizu1216

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ah.em-net.ne.jp
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    morse0901

Extracted

Credentials

Extracted

Credentials

Extracted

Family

systembc

C2

towerbingobongoboom.com

62.60.226.86

Targets

    • Target

      coredrive.exe

    • Size

      1.6MB

    • MD5

      c6a399eb155322a8cbf1390c118553cb

    • SHA1

      c59b0aa34638e8991358520e29625bb7fb4e3b6b

    • SHA256

      a7c8390922ecfe4e4be4c9ffff567e91298a8bbf96dc96318305f45ec59f5221

    • SHA512

      6437b6ea8990130f8e69b113f6ec8310e8831a80a2cf7ef1d8d16b323729a89c4a00a8900030e77f5671a7a40971e519731ec22519d98d7af29577dcb5dfe44e

    • SSDEEP

      49152:R1aqCQ3KKia9icS8P80nPIIXQocVHmir6QmEGmNyRzs3X:R1aA37ia9iJ800QIXQocVHoEGV

    Score
    10/10
    systembcdefense_evasiondiscoverytrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Systembc family

      systembc

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks