General

  • Target: c1eda502f93cfb27ab359369039c72a08e91a6574759affd3a997f261dc7f21c.zip
  • Size: 54KB
  • Sample: 250327-ghwa2sznx5
  • MD5: 69d75d32e0e9478755537bbe66eec266
  • SHA1: 62bb06f5e34978a7e28b764715bbadee1229bf42
  • SHA256: c1eda502f93cfb27ab359369039c72a08e91a6574759affd3a997f261dc7f21c
  • SHA512: 406fad890511e0f5ec27a1d63327d0533974d6d785b89c882d23ec289e5d64a9c61801f04b77da420f35397a978afec8de4bfc1eeada555db11441774e550a61
  • SSDEEP: 1536:qMLVTQ+wRB8lBjH4PId9e0A/0axz1/rP01rhb2KfbfdZJ:qM53IS7YQDo/0uBrP62MbXJ

Malware Config

Extracted

  • Family: guloader
  • C2: http://kiencuonghotel.vn/3month_RwHwwlGA208.bin

Targets

    • Target: REVISED ORDER.exe
    • Size: 216KB
    • MD5: 5f5a1aaf1ee00e8b0b0b6a62713053a2
    • SHA1: 0caccf489130536d51fa8b210b170434d8b4e388
    • SHA256: 7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
    • SHA512: 6f3138f02db278e4390d3b37bc1c84acb3d92052c290ffc2c732052fa273255f0de4e3b93b4c4f9cf48a7e95bb9a1d37adb2aa6ab6cca4467f36069d3b6086ab
    • SSDEEP: 1536:SKP5h81dkoxFBD8OXZ4zpS8JhHnF9YdGKyj2u2sOqCKjMbx3xxAOBT:5P5uDgOeFJJJItyStqybLKOBT

    • Guloader family
    • Guloader, Cloudeye: a shellcode-based downloader first seen in 2020.
    • Checks QEMU agent state file: checks the state file used by the QEMU agent, possibly to detect virtualization.
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15