General
- Target: Electron.exe
- Size: 4.0MB
- Sample: 231105-z46b9aee94
- MD5: 5aad6da9eb1e06fb7a249afc9f4927a8
- SHA1: c603222e26d5f43a1b5f6fc5347f44ca52df0a58
- SHA256: 83394afef201b339640f94c5d7a054be01a94852edda1efb154de52cd49203e8
- SHA512: 2b997dea2fffc33720bb400d46d3c41549be4481c6dc0e7016a657bab01cf1b4cf35419ea421231c787ea8e3379b97725ac0766575b51b13f723cf21ec302de8
- SSDEEP: 98304:CibxzWoWCzGKFeRWCcqnfN7WSxP1l/RcblYTT4ROHiq1mOc9d8:Cibx/WWFCjJWblw4ROCq10
Static task: static1
Malware Config
- Extracted: gozi
Targets
- Target: Electron.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger