
General

  • Target

    Water X.zip

  • Size

    9.8MB

  • Sample

    230503-jd9nzsdh73

  • MD5

    0193371788f9081650e56b97692dce30

  • SHA1

    335e4dfea227401cc64f22dbba28c6bd6259e65c

  • SHA256

    44235f089fb8a325ccb9266b03c415aaa9d34e6af803eb1c7127fd12327021a0

  • SHA512

    2df41203d6c568ec64ca716f657aee4b204ca188dd298d60789cfd026f89e411c4667597dc053a31f494e975e24babb09d6524852eaad37d7201f6057ac89d31

  • SSDEEP

    196608:oSfLCNcPWflmTc0OXPmxEiGIxHfQM0WIBiTXn+VJsg5EnsqJtqyK:WHz1fmqvIxHfQ1cnVg5E3JtNK

Malware Config

Targets

    • Target

      WaterX/waterx.exe

    • Size

      5.1MB

    • MD5

      6a774cdac85aef960516a02d0a6d504b

    • SHA1

      f7cd4171c42337a938fdb2d6b67191eb492885db

    • SHA256

      517d8ea847af39d0dbe01a53705edfa43a69e4ebf0aeb80bf4cf2beb8961c856

    • SHA512

      6116c93ce51167d705baa6a856b1713ef5c4e54201ce6e7b51ac422cc69b45162fd23534946bd0325881d68a4c070f21a9ad483e3697c6eb5c233458f113e2f7

    • SSDEEP

      98304:LYoQQWXDaQGUK76Iw8T2mx+V+iQgXLDLKZzyNxWIa3zYswKJ/BAw:LYoQNEr76Y6mx+VXJiIGIa3z/wdw

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS strings exposed in the registry (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) usually name the hypervisor, so malware reads them to detect sandboxes and virtual machines.

    • Themida packer

      Detects Themida, a commercial Windows software protector whose code virtualisation and anti-debugging layers hinder static analysis and unpacking.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
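The four signatures above (ACPI registry check, BIOS strings, UAC state, ThreadHideFromDebugger) describe environment checks without showing what they observe. The following PowerShell script is an added example, not code from the sample or from tria.ge: run on the analysis VM, it performs the same registry reads from the analyst's side and then issues the NtSetInformationThread(ThreadHideFromDebugger) call, so you can see exactly what a VirtualBox-based sandbox exposes to each check. The registry paths and the information-class value 0x11 are standard Windows facts; the hypervisor substring patterns and the `Demo.Nt` P/Invoke wrapper name are this example's own choices.

```powershell
# Added example, not from the sample or from tria.ge. Reproduces, from the
# analyst side, the registry reads flagged for waterx.exe and the
# ThreadHideFromDebugger call, and reports what each one observes on this VM.
# Hypervisor match patterns and the Demo.Nt wrapper name are assumptions.

$findings = New-Object System.Collections.Generic.List[string]

# 1. ACPI tables. The firmware OEM ID becomes a subkey under each table;
#    VirtualBox's OEM ID "VBOX  " shows up as the key name VBOX__.
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $path = "HKLM:\HARDWARE\ACPI\$table"
    if (-not (Test-Path $path)) { continue }
    foreach ($oem in Get-ChildItem -Path $path) {
        if ($oem.PSChildName -match 'VBOX|VMWARE|QEMU|BOCHS|XEN') {
            $findings.Add("ACPI\$table OEM ID '$($oem.PSChildName)' (hypervisor)")
        }
    }
}

# 2. BIOS strings. SystemBiosVersion / VideoBiosVersion are REG_MULTI_SZ, so
#    join the array before matching. VirtualBox reports values such as
#    "VBOX   - 1" and "Oracle VM VirtualBox VBE Adapter".
$sys = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System'
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
    $value = @($sys.$name) -join ' | '
    if ($value -match 'VBOX|VirtualBox|VMware|QEMU|Bochs|Xen') {
        $findings.Add("${name} = '$value' (hypervisor)")
    }
}

# 3. UAC state. EnableLUA = 0 means UAC is off; malware reads this to decide
#    whether an elevation bypass is needed at all.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua = (Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue).EnableLUA
if ($null -eq $enableLua) {
    $findings.Add('EnableLUA not set (UAC default: enabled)')
} elseif ($enableLua -eq 0) {
    $findings.Add('EnableLUA = 0 (UAC disabled)')
} else {
    $findings.Add("EnableLUA = $enableLua (UAC enabled)")
}

# 4. ThreadHideFromDebugger (THREADINFOCLASS 0x11). After the set call the
#    thread stops delivering debug events to an attached debugger; querying
#    the same class reads back a one-byte BOOLEAN confirming the flag is set.
$ntdll = Add-Type -Namespace 'Demo' -Name 'Nt' -PassThru -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern int NtSetInformationThread(IntPtr thread, int infoClass, IntPtr info, int length);
[DllImport("ntdll.dll")]
public static extern int NtQueryInformationThread(IntPtr thread, int infoClass, out byte info, int length, IntPtr returnLength);
[DllImport("kernel32.dll")]
public static extern IntPtr GetCurrentThread();
'@
$ThreadHideFromDebugger = 0x11
$thread = $ntdll::GetCurrentThread()
$status = $ntdll::NtSetInformationThread($thread, $ThreadHideFromDebugger, [IntPtr]::Zero, 0)
[byte]$hidden = 0
$null = $ntdll::NtQueryInformationThread($thread, $ThreadHideFromDebugger, [ref]$hidden, 1, [IntPtr]::Zero)
$findings.Add(('NtSetInformationThread(ThreadHideFromDebugger) status 0x{0:X8}, hidden flag = {1}' -f $status, $hidden))

$findings | ForEach-Object { Write-Output $_ }
```

Run it as Administrator inside the sandbox image before submitting samples: any line tagged "(hypervisor)" is a string the sample can read with plain RegQueryValueEx/RegEnumKeyEx calls, and hardening the image means changing those ACPI OEM IDs and BIOS strings at the hypervisor level, not in the guest registry (they are re-populated from firmware at boot). The last line is expected to show STATUS_SUCCESS (0x00000000) and a hidden flag of 1; it only hides the calling PowerShell thread, and the flag cannot be cleared once set.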

MITRE ATT&CK Enterprise v6

Tasks