General
-
Target
5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623
-
Size
960KB
-
Sample
230904-2ln2cscb57
-
MD5
1a173f8fb5505e4b41a4dac9f3cb638a
-
SHA1
965f6d7d70e00b1f8050b3f3e1b59c5e2a437558
-
SHA256
5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623
-
SHA512
aaff59cd2e3c0c5af75a59836b9a94fa6b9a6eaee2a04b36a4825b393d4eafed12c0dfd9639978d80e6a59b3d557560f39e2bdacc60dbf0a7df4885cc3052ea5
-
SSDEEP
24576:r9POTuyNVxSnULWgUO7BLvceXHphatxFCuG:r9PkumOULWgHBbhJgtxFm
Static task
static1
Behavioral task
behavioral1
Sample
5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623.exe
Resource
win10v2004-20230831-en
Malware Config
Targets
Score
10/10
-
FatalRat
FatalRat is a modular infostealer family written in C++ that first appeared in June 2021.
-
Fatal Rat payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-