General
Target: Alien_Wooferr.exe
Size: 3.8MB
Sample: 231014-3gd62aec64
MD5: 07df8b71759fd825a418a7075d4d0552
SHA1: 61e116200e4c2119795ffb14ee3221b6022f8141
SHA256: b5c05c9af1f689f1967fb86b3bea8e6b0a72194c60ec7e7603ff0bfb772ddfc7
SHA512: fdfa5133eb4df7f6b358556d0f223cba8152ec9dab3efa6fe7c057fa3cf12ef582d4eed8056cd9c3eddd01bb7df1565aeabd200fe608401cc6fa0a32e867268f
SSDEEP: 98304:HIm+0/3Os0J+4kgN37+RjDck6XQ1z0LLlxdBmPab:Hq0/+sM6gNAfcDaomP8
Behavioral task: behavioral1
Sample: Alien_Wooferr.exe
Resource: win7-20230831-en
Malware Config
Targets
Target: Alien_Wooferr.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Stops running service(s)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger