General
- Target: da056e07061c8b22f7d0a40c75e3fce1fdbb5256a8c6592924b1aa104f605e3a
- Size: 1.9MB
- Sample: 240423-bwrbcsah74
- MD5: 60b2c9f8bc7e069e2a33e5010910be90
- SHA1: b1726bc18e49582e609f9e449a3f7041a00884d7
- SHA256: da056e07061c8b22f7d0a40c75e3fce1fdbb5256a8c6592924b1aa104f605e3a
- SHA512: 03de35d583f870b99d6dcf0151c2cab96dfd67ddb78eb9921317ae071339b1fd581af0885924f1003928de6a81e353dbac1c4f0164b52d02e0f13dcbc32d9329
- SSDEEP: 24576:1itWKrSormEza5l0GJ8vkTbwoueT73FQaTnX/wiMs6aTzqco3hMaUKqlvs8takX0:YtL/za5ikTb33PX1Ms6a+mdKqlzOn
Static task
- static1
Behavioral task
- behavioral1
- Sample: da056e07061c8b22f7d0a40c75e3fce1fdbb5256a8c6592924b1aa104f605e3a.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: amadey
- Version: 4.17
- C2: http://193.233.132.167
- install_dir: 4d0ab15804
- install_file: chrosha.exe
- strings_key: 1a9519d7b465e1f4880fa09a6162d768
- url_paths: /enigma/index.php
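The extracted configuration gives everything needed to hunt for this sample on the wire and on disk: the C2 host and URL path describe the beacon, install_dir and install_file describe where the dropper lands. The following Python is an added example written for this page, not code from tria.ge or from the Amadey config extractor. It turns the config fields into indicators and runs them over a few constructed proxy and Sysmon log lines. Only the C2 host, the URL path, install_dir and install_file come from the report; the log format, the Temp path in the Sysmon line and the second request to the C2 host are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Values as extracted on the page for this Amadey 4.17 sample.
AMADEY_CONFIG = {
    "family": "amadey",
    "version": "4.17",
    "c2": ["http://193.233.132.167"],
    "install_dir": "4d0ab15804",
    "install_file": "chrosha.exe",
    "url_paths": ["/enigma/index.php"],
}


@dataclass(frozen=True)
class Indicator:
    kind: str    # "net" (host or full URL) or "host" (file or directory name)
    value: str
    source: str  # config field(s) the indicator was derived from


def indicators_from_config(cfg: dict) -> list[Indicator]:
    """Derive matchable indicators from an extracted Amadey config."""
    iocs = []
    for c2 in cfg["c2"]:
        host = re.sub(r"^https?://", "", c2).split("/")[0]
        iocs.append(Indicator("net", host, "c2"))
        for path in cfg["url_paths"]:
            iocs.append(Indicator("net", c2.rstrip("/") + path, "c2+url_paths"))
    # install_dir/install_file are matched as path components because the
    # report does not say which parent directory the dropper creates them in.
    iocs.append(Indicator("host", cfg["install_dir"], "install_dir"))
    iocs.append(Indicator("host", cfg["install_file"], "install_file"))
    return iocs


def _path_components(line: str) -> set[str]:
    """Lower-cased components of every drive-letter Windows path in the line."""
    comps = set()
    for m in re.finditer(r"[A-Za-z]:\\\S+", line):
        comps.update(p.lower() for p in m.group(0).split("\\") if p)
    return comps


def match_line(line: str, iocs: list[Indicator]) -> list[str]:
    """Return the sources of every indicator the line matches, in config order."""
    hits = []
    lowered = line.lower()
    comps = _path_components(line)
    for ioc in iocs:
        if ioc.kind == "net" and ioc.value.lower() in lowered:
            hits.append(ioc.source)
        elif ioc.kind == "host" and ioc.value.lower() in comps:
            hits.append(ioc.source)
    return hits


def scan(lines: list[str], iocs: list[Indicator]) -> dict[int, list[str]]:
    """Map 1-based line numbers to the indicator sources they matched."""
    return {i: h for i, line in enumerate(lines, 1) if (h := match_line(line, iocs))}


# Constructed log lines for this example; none come from the sandbox run.
# The Temp path in the Sysmon line is an assumed location, not one the page reports.
SAMPLE_LOGS = [
    'proxy src=10.0.0.15 method=POST url=http://193.233.132.167/enigma/index.php status=200',
    'proxy src=10.0.0.15 method=GET url=http://193.233.132.167/enigma/Plugins/update.bin status=200',
    r'sysmon EventID=1 Image=C:\Users\lab\AppData\Local\Temp\4d0ab15804\chrosha.exe ParentImage=C:\Users\lab\Desktop\sample.exe',
    'proxy src=10.0.0.22 method=GET url=http://example.org/index.php status=200',
]

if __name__ == "__main__":
    for n, sources in scan(SAMPLE_LOGS, indicators_from_config(AMADEY_CONFIG)).items():
        print(f"line {n}: {', '.join(sources)}")
```

The host indicators are matched as whole path components rather than substrings so that a ten-character directory name like 4d0ab15804 does not fire on unrelated hashes or GUIDs in the same log. The second proxy line matches on the C2 host alone, which is the right behaviour: the url_paths value is the beacon endpoint, and follow-up downloads (the "Downloads MZ/PE file" signature below) come from the same host under other paths.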
Targets
- Target: da056e07061c8b22f7d0a40c75e3fce1fdbb5256a8c6592924b1aa104f605e3a
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
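The anti-analysis signatures above name the behaviours but not the registry keys or the thread information class involved. The following Python is an added example, not tria.ge's signature engine: it re-implements those five checks over an assumed one-call-per-line API trace, using the registry paths such checks conventionally read (HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion, Software\Wine, HKCU\Control Panel\International\Geo\Nation) and the ThreadHideFromDebugger information class (0x11) for NtSetInformationThread. The trace format, the sample trace and those key paths are assumptions made for illustration; the report does not print them.

```python
import re

# Registry locations the flagged checks typically read. These paths are
# assumptions based on how such checks are usually implemented, not values
# taken from the report.
ANTI_ANALYSIS_RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBios|VideoBios)", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)),
    ("Checks computer location settings",
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
]
HIDE_FROM_DEBUGGER_SIG = "Suspicious use of NtSetInformationThreadHideFromDebugger"
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

# Assumed trace format, one API call per line, e.g.
#   pid=2140 api=RegOpenKeyExW key="HKLM\HARDWARE\ACPI\DSDT\VBOX__" ret=0x2
LINE_RE = re.compile(r"pid=(?P<pid>\d+)\s+api=(?P<api>\w+)\s+(?P<rest>.*)")
KEY_RE = re.compile(r'key="([^"]+)"')
CLASS_RE = re.compile(r"class=(0x[0-9a-f]+|\d+)", re.I)


def classify_call(line: str):
    """Return the signature name a single trace line triggers, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    api, rest = m.group("api"), m.group("rest")
    if api.startswith("Reg"):
        k = KEY_RE.search(rest)
        if k:
            for name, pattern in ANTI_ANALYSIS_RULES:
                if pattern.search(k.group(1)):
                    return name
    elif api == "NtSetInformationThread":
        c = CLASS_RE.search(rest)
        if c:
            val = c.group(1)
            cls = int(val, 16) if val.lower().startswith("0x") else int(val)
            if cls == THREAD_HIDE_FROM_DEBUGGER:
                return HIDE_FROM_DEBUGGER_SIG
    return None


def classify_trace(lines: list[str]) -> dict[str, list[int]]:
    """Map each triggered signature to the 1-based trace lines that fired it."""
    hits: dict[str, list[int]] = {}
    for n, line in enumerate(lines, 1):
        sig = classify_call(line)
        if sig:
            hits.setdefault(sig, []).append(n)
    return hits


# Constructed trace for this example; not taken from the sandbox run.
SAMPLE_TRACE = [
    r'pid=2140 api=RegOpenKeyExW key="HKLM\HARDWARE\ACPI\DSDT\VBOX__" ret=0x2',
    r'pid=2140 api=RegQueryValueExW key="HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion" ret=0x0',
    r'pid=2140 api=RegOpenKeyExW key="HKCU\Software\Wine" ret=0x2',
    r'pid=2140 api=RegQueryValueExW key="HKCU\Control Panel\International\Geo\Nation" ret=0x0',
    r'pid=2140 api=NtSetInformationThread handle=0xf8 class=0x11 ret=0x0',
    r'pid=2140 api=RegQueryValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" ret=0x0',
]

if __name__ == "__main__":
    for sig, lines in classify_trace(SAMPLE_TRACE).items():
        print(f"{sig}: lines {lines}")
```

Two points the classifier makes explicit. A probe counts even when the key is absent (the constructed VBOX__ and Wine lines return 0x2, ERROR_FILE_NOT_FOUND): what matters is that the sample asked, so the rules match on the key path and ignore the return value. And NtSetInformationThread is only interesting for class 0x11; the same call with other information classes is routine, so the class value, not the API name, is the condition. The final Run-key read is ordinary persistence activity and deliberately matches none of the anti-analysis rules.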