Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
65a6440d1811c57370440be7f8ce57db3802f00bd0a09f331af13d547f532437
-
Size
2.3MB
-
Sample
240418-ldvaeaad2z
-
MD5
fd69617fe6a64e1bbbdcbabc5fc50fb3
-
SHA1
6a94b7abe7208b9746c578cf743d4b13c027379b
-
SHA256
65a6440d1811c57370440be7f8ce57db3802f00bd0a09f331af13d547f532437
-
SHA512
037194c0a563a3592295b34a59949276392507ba21e1e75b49843003c449794e7daa7c9f333937b570e55e1ffe54ed5d5940dcab53a15613283a349327a7e828
-
SSDEEP
49152:FeF1xn14NPOcl8V/6U+zyFsOJhdOAddbZmXVFOIJNNHU:A1xn1mOcOV/ECHd6hJN5U
Malware Config
Extracted
risepro
147.45.47.93:58709
Targets
-
-
Target
65a6440d1811c57370440be7f8ce57db3802f00bd0a09f331af13d547f532437
-
Size
2.3MB
-
MD5
fd69617fe6a64e1bbbdcbabc5fc50fb3
-
SHA1
6a94b7abe7208b9746c578cf743d4b13c027379b
-
SHA256
65a6440d1811c57370440be7f8ce57db3802f00bd0a09f331af13d547f532437
-
SHA512
037194c0a563a3592295b34a59949276392507ba21e1e75b49843003c449794e7daa7c9f333937b570e55e1ffe54ed5d5940dcab53a15613283a349327a7e828
-
SSDEEP
49152:FeF1xn14NPOcl8V/6U+zyFsOJhdOAddbZmXVFOIJNNHU:A1xn1mOcOV/ECHd6hJN5U
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-