General

  • Target

    65a6440d1811c57370440be7f8ce57db3802f00bd0a09f331af13d547f532437

  • Size

    2.3MB

  • Sample

    240418-ldvaeaad2z

  • MD5

    fd69617fe6a64e1bbbdcbabc5fc50fb3

  • SHA1

    6a94b7abe7208b9746c578cf743d4b13c027379b

  • SHA256

    65a6440d1811c57370440be7f8ce57db3802f00bd0a09f331af13d547f532437

  • SHA512

    037194c0a563a3592295b34a59949276392507ba21e1e75b49843003c449794e7daa7c9f333937b570e55e1ffe54ed5d5940dcab53a15613283a349327a7e828

  • SSDEEP

    49152:FeF1xn14NPOcl8V/6U+zyFsOJhdOAddbZmXVFOIJNNHU:A1xn1mOcOV/ECHd6hJN5U

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15