Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
297782811cb69f269c4397e7bb71ce93875d5af3c9477bb0b6b22b11a92b135e
-
Size
9.8MB
-
Sample
231207-e28pdaagh3
-
MD5
0d73e8c3d996fdb9f796472e2270f18e
-
SHA1
ce891cba235832d3e7a62b899786a215f0c94dff
-
SHA256
297782811cb69f269c4397e7bb71ce93875d5af3c9477bb0b6b22b11a92b135e
-
SHA512
592aeea7acbdc214a50e463fc1a424e5c8898b723b8c626216a18bbd24e933e2cd2011d3136ca9307094673f8effb51c8b5a3bf87b397cd9618a30448ae118f6
-
SSDEEP
196608:9mO/7OgB71cJEfK2DkGztjKWZpoz6QQ+dKFl1x6Ew5ynPnH45u5Hx:9mOjbcJIK2DXhWWpshQ7h6Xy/Y5O
Malware Config
Targets
-
-
Target
297782811cb69f269c4397e7bb71ce93875d5af3c9477bb0b6b22b11a92b135e
-
Size
9.8MB
-
MD5
0d73e8c3d996fdb9f796472e2270f18e
-
SHA1
ce891cba235832d3e7a62b899786a215f0c94dff
-
SHA256
297782811cb69f269c4397e7bb71ce93875d5af3c9477bb0b6b22b11a92b135e
-
SHA512
592aeea7acbdc214a50e463fc1a424e5c8898b723b8c626216a18bbd24e933e2cd2011d3136ca9307094673f8effb51c8b5a3bf87b397cd9618a30448ae118f6
-
SSDEEP
196608:9mO/7OgB71cJEfK2DkGztjKWZpoz6QQ+dKFl1x6Ew5ynPnH45u5Hx:9mOjbcJIK2DXhWWpshQ7h6Xy/Y5O
Score10/10-
FatalRat
FatalRat is a modular infostealer family written in C++ first appearing in June 2021.
-
Fatal Rat payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-