General

  • Target

    afe097293167e1c01714ce97354dc93e5320df95726257e4812a639ddbf6bbb9

  • Size

    4.1MB

  • Sample

    221127-jmrvjaag33

  • MD5

    ee4d326dbbb593c7db09abf102c9d628

  • SHA1

    2073b8ec99abe73350c1e59f8d813f729f32cd3d

  • SHA256

    afe097293167e1c01714ce97354dc93e5320df95726257e4812a639ddbf6bbb9

  • SHA512

    a8d26701890f54099abdf2ff33bc1d11b6c2c6349b1424c4a96fc806c96ef72f76a839e62809a8d44652e19265a50a774e18eddfc0aa757e9033ee0408c6437e

  • SSDEEP

    98304:xmCug/lK+w8kzwbRm1I68JyImLwic9orLJLRTLwUDG/fYEY:wkY+h3w1w4WiiorhiX/bY

Malware Config

Targets

    • Target

      isilk.dll

    • Size

      79KB

    • MD5

      c748b01a4025b120a0ca66a14220aacd

    • SHA1

      c401dc1ffd31f8fa6b31bb3be919b17e750f4ed4

    • SHA256

      40c14030a0efa65c4ad73871de589ab6808a91d8b72b3ee26b332f22fdc85715

    • SHA512

      7ad53a2f8ac47732c65430a51dc7e1d82d3166d3377032d85e089aec5d21b1edff71a25c9d1ead2db78ed35c71e08104730e5228c4215f37329562f6dd98c3df

    • SSDEEP

      1536:6ZlB61nPNv+JbedvHXH1Oyxi+4/yOZdZLaDow:cB6gbedvHXH1LxiByOZdID

    • Score

      1/10

    • Target

      mBot_iSRO.exe

    • Size

      4.1MB

    • MD5

      48accfe6093fbf574324c23771c2328a

    • SHA1

      5a501139454e893b396af85652998aad9724ad6f

    • SHA256

      93315e8b914889d794bf027809752df067b591421e60c5fd829dd1decff255c7

    • SHA512

      706572a9abaed144b380b81befe1186f3fb77053e454e40272d970774752883dd937976c184004f92afa3a100fd45310e4714b545ea1a3f0e0def33a28b5d440

    • SSDEEP

      98304:nssmsnqUdM0Yse9Sb3yXiT9h39NU6Kc4qyh4UdXBKAclI:ndqUe0JLCXij346J419X7clI

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks