General

  • Target

    lasservices_spoofer.exe

  • Size

    11.0MB

  • Sample

    240224-kcq1xsfb9y

  • MD5

    09bbb184c9a6e587b0f40492723e604f

  • SHA1

    4bbcfa112b1cf36b138d463a7e6a99fbe94754eb

  • SHA256

    6235dcfcc025b267404345ac9cbab036edd2e17b7f1c3009374042204d380b21

  • SHA512

    906402ea905c08ce33690ce6d8b04e20ba50537ccd66e5422a27b1899960d2501ac693d5d06045bb68fd755f5c454ea8d319042f5383cc579e113c541e405317

  • SSDEEP

    196608:JGluENPKd3fjqfnHzW2JmMf8PzHm1ufh6Bffpf5YUAyQ:Ml5RKJqPaMQa1ufh6BZyUAN

Malware Config

Targets

    • Target

      lasservices_spoofer.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks