General

  • Target: Temporary_5.1.zip
  • Size: 14.5MB
  • Sample: 240426-wypkrshd44
  • MD5: 125cbe8235f1a3c72cc084007642d1f2
  • SHA1: 13e67c135573282ad6a6c7270a0d33ab6ec05199
  • SHA256: 33312e865036d29c0227ae671f3775da7e8e1e2ee8519b715855f992803f563f
  • SHA512: c1a55fc55f316bb1ba4456319a4cf66d700de90300946e1d0a15221d2cacbd3486602839148dfb2dfec3bcab3eda6517cdda50fb42aefdfbced9479c9b0fd643
  • SSDEEP: 393216:lyHfkUxcrpsRdwhaipOf+s6xK0/hLK/mC56JHJpnAG/LtR:E/DcrubipO+syKu+mq6JHJpnAsLD

Malware Config

Targets

    • Target: Chaos.exe
    • Size: 14.1MB
    • MD5: b9405adf00a11f94e349d534e49a4534
    • SHA1: 368457e5a4f15ec703771f1927abe38965122ae6
    • SHA256: 5dc3ecc44e46e3e85c42d776d4339ae9cccfc713015653c2ce5769595f25e8e5
    • SHA512: 50e7fe4be4eb7ae22e589b78b364dcec9e35a943565f442fa7b973700b4b3cd90a73e5a861807b177f9fe4e7b5f4f58300800a04930609f579372251b119a2e1
    • SSDEEP: 393216:hoNAOpKX0i+CyVekksTbATAxm7l4fionEK62vUnH:hSpKXf+C3sPAT0mBuionl6CUnH

    Signatures

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Loads dropped DLL
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks