General

Target: Zoom.iso
Size: 256.0MB
Sample: 221008-3k1jfafhh4
MD5: d47a45d25ce3ab24cffffbb389d3fb46
SHA1: 0c1bc7f0b8a944b921ba688c98d1070e014b3a78
SHA256: 7436f6600a22e92bcae60ec78335ac8a3306f33c9ba6133649024a95f393e394
SHA512: 834200e0c8a843047c58f9eabb497295fb18bdbc152b4961f3d7f829f3b57139af9aa5011c9adde4c7c5d42c8fd274aa51ee2273eafe04751500d0072d50233a
SSDEEP: 98304:qoYnMjGCGOXft+ktOuI9+W3Kp6E+WroakdQeiq+D6pUonqD:qoYnMaZOXf0ksJop6JWrvkriqfUt
Behavioral task

behavioral1
Sample: ZOOM.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: raccoon
Extracted value (32-hex string, as reported): 6f89b98c954b97563d917a50d1cf20cf
C2: http://167.114.45.110/
C2: http://15.235.89.55/
C2: http://51.68.28.146/
Targets

Target: ZOOM.EXE
Size: 256.0MB
MD5: c7267dc5d18ce972fc8a1492d87ab8c2
SHA1: 2b8794979aef70e4520e96b2ace1cad9d9e12e3a
SHA256: c640d3b8eab11989df6a8f63d1addf543dc08cd8cf47570ca9fad40d058ba8ad
SHA512: 0bc66e4605d72239d9fb3ff95243e1693407e3058a1d98261358dbd757ab0a7631e2ef20b36e7b9b247fbfff17c1cd9545b44aec40905882579930b81e5438cc
SSDEEP: 98304:/oYnMjGCGOXft+ktOuI9+W3Kp6E+WroakdQeiq+D6pUonqD:/oYnMaZOXf0ksJop6JWrvkriqfUt
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
  Rewriting another thread's context is a common step in process hollowing and other code-injection techniques.
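The indicators in this report (the three C2 URLs from the extracted Raccoon config, the registry-based anti-VM signatures and the SetThreadContext signature) can be turned into detection logic and checked against a sandbox API trace. The script below is an added example and is not code from tria.ge or from the report. The trace line format, the process names and PIDs are constructed for the example; the registry keys it watches (the VirtualBox ACPI table names and the BIOS version values under HKLM\HARDWARE) are the well-known locations such anti-VM checks read, assumed here because the report does not name the exact keys it saw.

```python
"""Match the report's indicators against constructed sandbox API-trace lines.

Added example, not part of the tria.ge report. Trace format and sample data
are invented for illustration."""
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed under "Malware Config" above.
RACCOON_C2 = (
    "http://167.114.45.110/",
    "http://15.235.89.55/",
    "http://51.68.28.146/",
)
C2_IPS = frozenset(urlparse(u).hostname for u in RACCOON_C2)

# Registry locations typically probed for VirtualBox / BIOS fingerprinting.
# Assumption: these are the keys behind the two registry signatures; the
# report itself does not list them.
ANTI_VM_REGISTRY_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\VBOX__",
    r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\VBOX__",
    r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
)

# Constructed trace lines: process|pid|api|argument. The format is invented
# for this example; it is not tria.ge's export format.
SAMPLE_TRACE = [
    r"ZOOM.EXE|2744|RegOpenKeyExW|HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__",
    r"ZOOM.EXE|2744|RegQueryValueExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"explorer.exe|1200|RegQueryValueExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"ZOOM.EXE|2744|connect|167.114.45.110:80",
    r"ZOOM.EXE|2744|InternetOpenUrlA|http://51.68.28.146/",
    r"ZOOM.EXE|2744|connect|93.184.216.34:443",
    r"ZOOM.EXE|2744|SetThreadContext|pid=3108",
]

IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?$")


def parse_trace(lines):
    """Split 'process|pid|api|argument' lines into event dicts."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        proc, pid, api, arg = line.split("|", 3)
        events.append({"process": proc, "pid": int(pid), "api": api, "arg": arg})
    return events


def extract_host(arg):
    """Return the host of a 'ip:port' connect target or of a URL, else None."""
    m = IP_PORT.match(arg)
    if m:
        return m.group(1)
    if "://" in arg:
        return urlparse(arg).hostname
    return None


def find_indicators(events):
    """Return (kind, process, detail) tuples for every matched indicator."""
    findings = []
    for ev in events:
        api, arg = ev["api"], ev["arg"]
        if api.startswith("Reg"):
            # Prefix match, case-insensitive: registry paths are not case-sensitive.
            if any(arg.lower().startswith(p.lower()) for p in ANTI_VM_REGISTRY_PREFIXES):
                findings.append(("anti_vm_registry", ev["process"], arg))
        elif api in ("connect", "InternetOpenUrlA", "InternetOpenUrlW"):
            host = extract_host(arg)
            if host in C2_IPS:
                findings.append(("raccoon_c2", ev["process"], host))
        elif api == "SetThreadContext":
            # A context write aimed at a different process is the hollowing pattern
            # behind the "Suspicious use of SetThreadContext" signature.
            target = arg.split("=", 1)[-1]
            if target.isdigit() and int(target) != ev["pid"]:
                findings.append(("remote_thread_context", ev["process"], arg))
    return findings


if __name__ == "__main__":
    for kind, proc, detail in find_indicators(parse_trace(SAMPLE_TRACE)):
        print(f"{kind:22} {proc:12} {detail}")
```

Against the constructed trace this reports two anti-VM registry reads, two contacts with C2 addresses from the config, and one cross-process SetThreadContext; the connection to 93.184.216.34 and explorer.exe's Run-key read are ignored. To use it on real data, replace SAMPLE_TRACE with the parsed API calls from the sandbox export and extend ANTI_VM_REGISTRY_PREFIXES with whatever keys the trace actually shows.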