General
Target: Water X.zip
Size: 9.8MB
Sample: 230503-jd9nzsdh73
MD5: 0193371788f9081650e56b97692dce30
SHA1: 335e4dfea227401cc64f22dbba28c6bd6259e65c
SHA256: 44235f089fb8a325ccb9266b03c415aaa9d34e6af803eb1c7127fd12327021a0
SHA512: 2df41203d6c568ec64ca716f657aee4b204ca188dd298d60789cfd026f89e411c4667597dc053a31f494e975e24babb09d6524852eaad37d7201f6057ac89d31
SSDEEP: 196608:oSfLCNcPWflmTc0OXPmxEiGIxHfQM0WIBiTXn+VJsg5EnsqJtqyK:WHz1fmqvIxHfQ1cnVg5E3JtNK
Behavioral task: behavioral1
Sample: WaterX/waterx.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: WaterX/waterx.exe
Size: 5.1MB
MD5: 6a774cdac85aef960516a02d0a6d504b
SHA1: f7cd4171c42337a938fdb2d6b67191eb492885db
SHA256: 517d8ea847af39d0dbe01a53705edfa43a69e4ebf0aeb80bf4cf2beb8961c856
SHA512: 6116c93ce51167d705baa6a856b1713ef5c4e54201ce6e7b51ac422cc69b45162fd23534946bd0325881d68a4c070f21a9ad483e3697c6eb5c233458f113e2f7
SSDEEP: 98304:LYoQQWXDaQGUK76Iw8T2mx+V+iQgXLDLKZzyNxWIa3zYswKJ/BAw:LYoQNEr76Y6mx+VXJiIGIa3z/wdw
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger