Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

EXO_V5.exe

windows7-x64

9

EXO_V5.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EXO_V5.exe

  • Size

    4.0MB

  • Sample

    220907-ztzfyschh9

  • MD5

    1553d7bc2f09e7477e1e6dbb67199f94

  • SHA1

    fe9f43aa44c6b4912a8403e6494b8ae27933dc8c

  • SHA256

    11f4c19dd5f3558a1316b00a3518c88388d5ea893eed1ef8a3d482d0e40be6f3

  • SHA512

    cd5433fbc94f548823d25ae4107d916d54fbc8ba3644d0b21115a2edf36a07f97f785d155061d177f934da0af14092cb5acaa494feffbfbd3986968eacc6892d

  • SSDEEP

    98304:Fcs7PbvtLQkH1K5iUK7vgX7WFhMBdEXFCtMi0eRsKY:mYbWkVK5iO7diCt7E

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      EXO_V5.exe

    • Size

      4.0MB

    • MD5

      1553d7bc2f09e7477e1e6dbb67199f94

    • SHA1

      fe9f43aa44c6b4912a8403e6494b8ae27933dc8c

    • SHA256

      11f4c19dd5f3558a1316b00a3518c88388d5ea893eed1ef8a3d482d0e40be6f3

    • SHA512

      cd5433fbc94f548823d25ae4107d916d54fbc8ba3644d0b21115a2edf36a07f97f785d155061d177f934da0af14092cb5acaa494feffbfbd3986968eacc6892d

    • SSDEEP

      98304:Fcs7PbvtLQkH1K5iUK7vgX7WFhMBdEXFCtMi0eRsKY:mYbWkVK5iO7diCt7E

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Stops running service(s)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks