General
-
Target
AppGate2103v01.exe
-
Size
4.3MB
-
Sample
240329-fdk4vaag42
-
MD5
858bb0a3b4fa6a54586402e3ee117076
-
SHA1
997c31f043347883ea5ed2323a558b6cc5ea9c8e
-
SHA256
d97a7fc44bf341b9b2b2e65b46dab4f7d329afe15b4308b5aa56d5bfd7b99d35
-
SHA512
e8374b115f056b5d345c9b5f9c42b3d49e0640d7fad869448f686add6e52b783ecc7fd35ee15a67b944843491a91becf5b7c0bd5603eda01042dd2904c1ad8fd
-
SSDEEP
98304:n64KjpOZP7Gf8oC4felvJoch5wET9ItRmeFa6vcuEDAm:nBKlSPaMlxocM8+tE6kuEMm
Behavioral task
behavioral1
Sample
AppGate2103v01.exe
Resource
win7-20240221-en
Malware Config
Targets
Target
AppGate2103v01.exe
-
Modifies firewall policy service
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger