5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

5edbcdd638...d4.exe

windows7-x64

9

5edbcdd638...d4.exe

windows10-2004-x64

9

Sharing

General

Target

5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4
Size

3.4MB
Sample

240410-ndhmqadf94
MD5

6f42a8dc61ec71369186c039b2bfabf2
SHA1

8340a9bbae0ff573a2ea103d7cbbb34c20b6027d
SHA256

5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4
SHA512

c79f1906fd1ebc1c303d544be841ca2f5fbc5e8603d9563791392995e9288eb7401124f584d9f531de62f7bf3dc9136c50df4d84648d87eab925d660d065c041
SSDEEP

98304:nVo7S0N0eZwNLxVPXkquQb8J+0tuqjozp/M:nVmDBZwSqb++0tToz6

Score

9^/10

evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4
- Size
  
  3.4MB
- MD5
  
  6f42a8dc61ec71369186c039b2bfabf2
- SHA1
  
  8340a9bbae0ff573a2ea103d7cbbb34c20b6027d
- SHA256
  
  5edbcdd6380eabd88f4c59058b507b5ebdabd2c347f73ec9cf18305ff872cdd4
- SHA512
  
  c79f1906fd1ebc1c303d544be841ca2f5fbc5e8603d9563791392995e9288eb7401124f584d9f531de62f7bf3dc9136c50df4d84648d87eab925d660d065c041
- SSDEEP
  
  98304:nVo7S0N0eZwNLxVPXkquQb8J+0tuqjozp/M:nVmDBZwSqb++0tToz6
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.