General
- Target: 81ed47a991b51ac416d56e87a29a9e1e.bin
- Size: 4.4MB
- Sample: 231229-cdpv9acaar
- MD5: 6cf93d12833263026396667784477cfa
- SHA1: 07b26ae6d7a5c561032fdcca3c866bd0ba27191a
- SHA256: decbcf05edc76dd31fbf2e2eefb16305e4086c0b0d8df47e5d4631433e9387f5
- SHA512: c47362537a0bbe60a4cab74a0fb6c5d8bb293551732cbb3bddd946521d3ba7be26f96a93422b1d1804bf8c73ee1db16de2b5f1ca0329ee6eb084db27e7e5a382
- SSDEEP: 98304:NmlyqrxFJuNxjBjEZlG+oPclRdJDSTUSwn3IMIlE8DwbF0X5:NqYTyycl4TUSwn3IMDY5
Static task: static1
Behavioral task: behavioral1
- Sample: ead72d1eb42fc44e002ff76e006620db8308a34c3dd728df0fc26905b149ae29.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- Family: amadey
- Version: 4.13
- C2: http://185.172.128.5
- install_dir: 4fdb51ccdc
- install_file: Utsysc.exe
- strings_key: 11bb398ff31ee80d2c37571aecd1d36d
- url_paths: /v8sjh3hs8/index.php
Targets
- Target: ead72d1eb42fc44e002ff76e006620db8308a34c3dd728df0fc26905b149ae29.exe
- Size: 4.4MB
- MD5: 81ed47a991b51ac416d56e87a29a9e1e
- SHA1: 0532b1052beed07bb9243e819b4dd5c3343120eb
- SHA256: ead72d1eb42fc44e002ff76e006620db8308a34c3dd728df0fc26905b149ae29
- SHA512: 1ee538bf29b583d591539f6352c1dfa3cd8b5d445384af73f8745e0dc98fc15cd0e886e9d4c3b9c6cb09f554bff77bc7ef58596f84c851303e619902eb4aea62
- SSDEEP: 98304:Weekh63DHMYli6N3ZngCekllw5HON7IZGwTT5MCMBwxQf+0b:Weu3DHJ9RplwxOqEA5MdWxQd
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger