Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a453c72f70300b3ffbafefe87396342061b8b847e68eba4891b51ab1b7edfb08
-
Size
646KB
-
Sample
220701-dsvwgshgfk
-
MD5
8fba405998aa281996ace0b5bf72f100
-
SHA1
d2493023ab0cb67151bcd7db9fff2f06e46840d3
-
SHA256
a453c72f70300b3ffbafefe87396342061b8b847e68eba4891b51ab1b7edfb08
-
SHA512
67038ef7123827f4a1510475abd5a5b726ef33ca7f84f5418af09c0c3594ee2404e62f301be8bfbb728d2e5500e78dabfb1f8fa52f10ae24b02dff11785a493b
Malware Config
Targets
-
-
Target
a453c72f70300b3ffbafefe87396342061b8b847e68eba4891b51ab1b7edfb08
-
Size
646KB
-
MD5
8fba405998aa281996ace0b5bf72f100
-
SHA1
d2493023ab0cb67151bcd7db9fff2f06e46840d3
-
SHA256
a453c72f70300b3ffbafefe87396342061b8b847e68eba4891b51ab1b7edfb08
-
SHA512
67038ef7123827f4a1510475abd5a5b726ef33ca7f84f5418af09c0c3594ee2404e62f301be8bfbb728d2e5500e78dabfb1f8fa52f10ae24b02dff11785a493b
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Phoenix Keylogger
Phoenix is a keylogger and info stealer first seen in July 2019.
-
Phoenix Keylogger Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Windows security modification
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-