General
- Target: Batcc_permm.exe
- Size: 3.9MB
- Sample: 231126-xq39mabf2w
- MD5: 316066f39ae143d8223277aa14a44f2e
- SHA1: f31c203bd986252ae939af3905643046b13ffbd8
- SHA256: 593a5b367baa6b9f70709df1a01b361a88e99da7ce89fa55ad3dacec4cc8acea
- SHA512: f34f6addaeb0a2bcabc7c6c65b3252ecde63556c66fc46287a900b70e2b84d277f246a96a9ffe7d2b542c92d154da1372ec526c8980e0d24213c9ebf86eb2fee
- SSDEEP: 98304:kHalpo3dMT2/pCPua5bxt9TeJ/QJNBSUbhFS6kTUytwP5hW:EdMT2/pYui9jBJraUbC
Behavioral task: behavioral1
- Sample: Batcc_permm.exe
- Resource: win10v2004-20231020-en
Malware Config
Targets
- Target: Batcc_permm.exe (same file and hashes as listed under General)
Score: 10/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Stops running service(s)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger