
General

  • Target

    8fc9df6aa2a9eb204d59dd0e41e811dba6e26841358e2e594e68d0515b709d25

  • Size

    2.2MB

  • Sample

    240409-gr5ababg5z

  • MD5

    c06b16ec7232eed0e758312f25d276b8

  • SHA1

    bb8eaa4f3a2b6beb82f6566522630c31f8977a44

  • SHA256

    8fc9df6aa2a9eb204d59dd0e41e811dba6e26841358e2e594e68d0515b709d25

  • SHA512

    9c7dbf7d6a2bd8c5d75bf2d0c015e0ce552f06dcf1836047af7b04e54d76b718a5dcbfdecae8d28ef9db55953fcc74ff8e09408e38b08e06c068cf07bdd2e5b5

  • SSDEEP

    49152:as9NRR5MmyC8ZCY/ETnKj9nHp8UyKOreY3drQIf6wUHNBT:aQNRGEVE9HWXdrawKN

Score
10/10

Malware Config

Targets

    • Target

      8fc9df6aa2a9eb204d59dd0e41e811dba6e26841358e2e594e68d0515b709d25

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks