Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
aa3d40c34d88ebc024f798e3e5a720e6cd7f6f447cdfbbead1f0c5bba72d4312
-
Size
5.4MB
-
Sample
231011-mfm5jsae82
-
MD5
380b17feab2c2dc51b7940a95295678e
-
SHA1
d39bb6eabdf04e535737f77ef838f5ad6bdb4b6a
-
SHA256
aa3d40c34d88ebc024f798e3e5a720e6cd7f6f447cdfbbead1f0c5bba72d4312
-
SHA512
728c01575152a1b8637bba1db1078e3c66e8631351c18ec55c4356e26af1fcd16b5d9698058e4247b7e43c5090f173b19d81664b1c60b03b6e98cb3f6a278c3e
-
SSDEEP
98304:c6te5FnoajcsPJRRCsA7J//OaHvQyqW9oe4+JOijZdMAuaKzG3gu5:c75ZxPJRRy7h/8yh13jZSAuaqGwC
Behavioral task
behavioral1
Sample
aa3d40c34d88ebc024f798e3e5a720e6cd7f6f447cdfbbead1f0c5bba72d4312.exe
Resource
win7-20230831-en
Malware Config
Targets
-
-
Target
aa3d40c34d88ebc024f798e3e5a720e6cd7f6f447cdfbbead1f0c5bba72d4312
-
Size
5.4MB
-
MD5
380b17feab2c2dc51b7940a95295678e
-
SHA1
d39bb6eabdf04e535737f77ef838f5ad6bdb4b6a
-
SHA256
aa3d40c34d88ebc024f798e3e5a720e6cd7f6f447cdfbbead1f0c5bba72d4312
-
SHA512
728c01575152a1b8637bba1db1078e3c66e8631351c18ec55c4356e26af1fcd16b5d9698058e4247b7e43c5090f173b19d81664b1c60b03b6e98cb3f6a278c3e
-
SSDEEP
98304:c6te5FnoajcsPJRRCsA7J//OaHvQyqW9oe4+JOijZdMAuaKzG3gu5:c75ZxPJRRy7h/8yh13jZSAuaqGwC
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-