General

  • Target

    Slap - Copia - Copia.zip

  • Size

    17.5MB

  • Sample

    240423-b5xvhabc6z

  • MD5

    e9c72f6f2083ca0935e418cd6f3d97ae

  • SHA1

    0c24eb62a79847f439d854b4abf5124e08288148

  • SHA256

    3a30a8a5dbe77d31b890b995f99051fa2b1add4a4edc0969754b9acd35ec9309

  • SHA512

    bc76a12082b01cf938329582b2c6a0a899501ac27f4c3b068a1d2e3fcf40fac5b2f04add4af2a3c4b79ddb5f1e3f775e4eb20c611b74bc248b621db1a85ae3df

  • SSDEEP

    393216:ZoddfnVT528ZIeoAG0e2bodlZtFYb8vi5qbBnaPdfCzA5:ZaddT0KIeZvbbalzFYb8vJnatCk

Malware Config

Targets

    • Target

      Slap - Copia - Copia.zip

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks