General
Target: BleachCheat.exe
Size: 7.5MB
Sample: 240416-bbwekseh9w
MD5: 4a8752fcb5b8c322f5387dc92b05cc2f
SHA1: e8c33f6e69aa5bf323801c678bebf4d8af00a474
SHA256: 937057dcc1b0772f7169bc46761b73ab2058efd53d9854877370071b9431a447
SHA512: 153c2d43b2160d6d601722df3c7ea286eb4f8c836bb77653098f3b5096d92cc7bf8f1637eba25385a5c300e5849d6ca384aba1280acbf490ddd377a595b2572c
SSDEEP: 196608:ddgUfWEkm/wQKES+cjTDTqhLkADK4Wi8nqNk:PIQDS+CTSGU4rqNk
Static task: static1
Behavioral task: behavioral1
Sample: BleachCheat.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: BleachCheat.exe
Score: 10/10
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (1)