General

  • Target

    50c2d68b67e63e9e58170740ba2380a3.bin

  • Size

    14.3MB

  • Sample

    231220-clrptabag3

  • MD5

    50c2d68b67e63e9e58170740ba2380a3

  • SHA1

    31ca0875a886a87e7f756816a5a3a8a9f0ef4805

  • SHA256

    6f27472247fac75c31c76aedb7823da8429aef16f26d5ab27721686e924cde94

  • SHA512

    6e3ce56f24eac510022716c69ccbd7a1332373b95568b5d985172a7197db8965dc8faccbe91a0be822e62c01adac49f6955c9e86128d8597536bd845a7770306

  • SSDEEP

    196608:OvmwHVRzpgetATsTJbaAzgLPz+hgtrxro+QpqN/+BL5fNWJ+BSNLuk7GFViAk0He:OZ1lATstzYPttroBa+lq+4tUVxFE

Targets

    • Target

      50c2d68b67e63e9e58170740ba2380a3.bin

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
