General

  • Target

    boulder.dll

  • Size

    9.8MB

  • Sample

    220930-fjrtksceg3

  • MD5

    5da411ab2fa2543cfa19f5efdfb28f9b

  • SHA1

    220d4a6c59fcac9d036d530ec737576e7259a5d0

  • SHA256

    23cf42f273679addee762966ea00d7738a2ba27380087c59b7fc646f03a6f4db

  • SHA512

    84f9a08ff31355bac32313ee865cc795854390d95d8950a77de050d7c3a2057d1d405cd1aec2a9233e6902a7c3b1b6cf284ad1a80ba9f56e2221d25f17f48e69

  • SSDEEP

    196608:sSokuRK5a6hrR/ENcdd0dLD/OCm7rc5cmgThB+97Yc/0nNB6RNbs:gZkrJEeQvV35VEhzYQwY

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks