General
Target: Temporary_5.1.zip
Size: 14.5MB
Sample: 240426-wypkrshd44
MD5: 125cbe8235f1a3c72cc084007642d1f2
SHA1: 13e67c135573282ad6a6c7270a0d33ab6ec05199
SHA256: 33312e865036d29c0227ae671f3775da7e8e1e2ee8519b715855f992803f563f
SHA512: c1a55fc55f316bb1ba4456319a4cf66d700de90300946e1d0a15221d2cacbd3486602839148dfb2dfec3bcab3eda6517cdda50fb42aefdfbced9479c9b0fd643
SSDEEP: 393216:lyHfkUxcrpsRdwhaipOf+s6xK0/hLK/mC56JHJpnAG/LtR:E/DcrubipO+syKu+mq6JHJpnAsLD
Malware Config
Targets
Target: Chaos.exe
Size: 14.1MB
MD5: b9405adf00a11f94e349d534e49a4534
SHA1: 368457e5a4f15ec703771f1927abe38965122ae6
SHA256: 5dc3ecc44e46e3e85c42d776d4339ae9cccfc713015653c2ce5769595f25e8e5
SHA512: 50e7fe4be4eb7ae22e589b78b364dcec9e35a943565f442fa7b973700b4b3cd90a73e5a861807b177f9fe4e7b5f4f58300800a04930609f579372251b119a2e1
SSDEEP: 393216:hoNAOpKX0i+CyVekksTbATAxm7l4fionEK62vUnH:hSpKXf+C3sPAT0mBuionl6CUnH

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger