General

  • Target

    5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623

  • Size

    960KB

  • Sample

    230904-2ln2cscb57

  • MD5

    1a173f8fb5505e4b41a4dac9f3cb638a

  • SHA1

    965f6d7d70e00b1f8050b3f3e1b59c5e2a437558

  • SHA256

    5c96016a468b97f80583b04b4d72d5f73576f7bbb9227c24612019377b8b0623

  • SHA512

    aaff59cd2e3c0c5af75a59836b9a94fa6b9a6eaee2a04b36a4825b393d4eafed12c0dfd9639978d80e6a59b3d557560f39e2bdacc60dbf0a7df4885cc3052ea5

  • SSDEEP

    24576:r9POTuyNVxSnULWgUO7BLvceXHphatxFCuG:r9PkumOULWgHBbhJgtxFm

Targets

    • FatalRat

      FatalRat is a modular infostealer family written in C++, first appearing in June 2021.

    • Fatal Rat payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger
