General

  • Target

    01a374fe3ad1deed124f4f97310c769c

  • Size

    5.9MB

  • Sample

    231229-x412esaefj

  • MD5

    01a374fe3ad1deed124f4f97310c769c

  • SHA1

    3263e4baf4f3f40f3a7e3a6804fe6576837ed046

  • SHA256

    43e03a6b8656d773bc57f8fa1028ff2049269718e52a11d8de1dc1e44c4ed4c2

  • SHA512

    bb48ea2182b6536c1f84c42491ce2dd3d682e4fbc0c5426577e855f50c7d9a9760130d49b612f92ef38bcc927ac2aa5fd8ee42afcdb8c317876ec0878244d0c3

  • SSDEEP

    98304:8+FghWCae/0NRXygKa6I7wHl3dw+uFmMIZVB8aZIei9kGNQ4Dc9JSXxxPBHKtiOV:8+FXCXhg17wFicvBvZKr3D2yzPEtiOV

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
