Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
-
Size
8.3MB
-
Sample
240425-197ypsfh78
-
MD5
64b25f16d49a37f436c63e1775b198da
-
SHA1
804da5dffaf421cb29adc2db00a0b4320b043aba
-
SHA256
54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
-
SHA512
e23b748fdfe9398829f49fddb920c736afc6f97091a676a0e10a4f5f87c55e9c758459390157d16a765967103e734be0341482b449d378b34cdeb28bff394a19
-
SSDEEP
196608:S3N/DIuePUUHrzIlczP7BnjKqgQctFUn3Bf+IL0WmF1Vt:Sd/DIzcUHraKP7BjRgQf3VgfVt
Static task
static1
Behavioral task
behavioral1
Sample
54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
193.233.132.253:50500
Targets
-
-
Target
54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
-
Size
8.3MB
-
MD5
64b25f16d49a37f436c63e1775b198da
-
SHA1
804da5dffaf421cb29adc2db00a0b4320b043aba
-
SHA256
54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
-
SHA512
e23b748fdfe9398829f49fddb920c736afc6f97091a676a0e10a4f5f87c55e9c758459390157d16a765967103e734be0341482b449d378b34cdeb28bff394a19
-
SSDEEP
196608:S3N/DIuePUUHrzIlczP7BnjKqgQctFUn3Bf+IL0WmF1Vt:Sd/DIzcUHraKP7BjRgQf3VgfVt
-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-