General

  • Target

    297782811cb69f269c4397e7bb71ce93875d5af3c9477bb0b6b22b11a92b135e

  • Size

    9.8MB

  • Sample

    231207-e28pdaagh3

  • MD5

    0d73e8c3d996fdb9f796472e2270f18e

  • SHA1

    ce891cba235832d3e7a62b899786a215f0c94dff

  • SHA256

    297782811cb69f269c4397e7bb71ce93875d5af3c9477bb0b6b22b11a92b135e

  • SHA512

    592aeea7acbdc214a50e463fc1a424e5c8898b723b8c626216a18bbd24e933e2cd2011d3136ca9307094673f8effb51c8b5a3bf87b397cd9618a30448ae118f6

  • SSDEEP

    196608:9mO/7OgB71cJEfK2DkGztjKWZpoz6QQ+dKFl1x6Ew5ynPnH45u5Hx:9mOjbcJIK2DXhWWpshQ7h6Xy/Y5O

Malware Config

Targets

    • FatalRat

      FatalRat is a modular infostealer family written in C++, first appearing in June 2021.

    • Fatal Rat payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks