Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: afe097293167e1c01714ce97354dc93e5320df95726257e4812a639ddbf6bbb9
Size: 4.1MB
Sample: 221127-jmrvjaag33
MD5: ee4d326dbbb593c7db09abf102c9d628
SHA1: 2073b8ec99abe73350c1e59f8d813f729f32cd3d
SHA256: afe097293167e1c01714ce97354dc93e5320df95726257e4812a639ddbf6bbb9
SHA512: a8d26701890f54099abdf2ff33bc1d11b6c2c6349b1424c4a96fc806c96ef72f76a839e62809a8d44652e19265a50a774e18eddfc0aa757e9033ee0408c6437e
SSDEEP: 98304:xmCug/lK+w8kzwbRm1I68JyImLwic9orLJLRTLwUDG/fYEY:wkY+h3w1w4WiiorhiX/bY
Static task: static1
Behavioral task: behavioral1
  Sample: isilk.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: isilk.dll
  Resource: win10v2004-20221111-en
Behavioral task: behavioral3
  Sample: mBot_iSRO.exe
  Resource: win7-20220812-en
Behavioral task: behavioral4
  Sample: mBot_iSRO.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets

Target: isilk.dll
Size: 79KB
MD5: c748b01a4025b120a0ca66a14220aacd
SHA1: c401dc1ffd31f8fa6b31bb3be919b17e750f4ed4
SHA256: 40c14030a0efa65c4ad73871de589ab6808a91d8b72b3ee26b332f22fdc85715
SHA512: 7ad53a2f8ac47732c65430a51dc7e1d82d3166d3377032d85e089aec5d21b1edff71a25c9d1ead2db78ed35c71e08104730e5228c4215f37329562f6dd98c3df
SSDEEP: 1536:6ZlB61nPNv+JbedvHXH1Oyxi+4/yOZdZLaDow:cB6gbedvHXH1LxiByOZdID
Score: 1/10

Target: mBot_iSRO.exe
Size: 4.1MB
MD5: 48accfe6093fbf574324c23771c2328a
SHA1: 5a501139454e893b396af85652998aad9724ad6f
SHA256: 93315e8b914889d794bf027809752df067b591421e60c5fd829dd1decff255c7
SHA512: 706572a9abaed144b380b81befe1186f3fb77053e454e40272d970774752883dd937976c184004f92afa3a100fd45310e4714b545ea1a3f0e0def33a28b5d440
SSDEEP: 98304:nssmsnqUdM0Yse9Sb3yXiT9h39NU6Kc4qyh4UdXBKAclI:ndqUe0JLCXij346J419X7clI
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger