General
- Target: 256158683a6f1768975bfb27ea9d46ac80dfeb4c27960dfa95ebfc07c5afa5b9
- Size: 1.8MB
- Sample: 240428-qnqr7agg29
- MD5: ee38ca2353a49754ff29fa865b5190ef
- SHA1: cf5838cc3d550d3fae6626b6c6a3182f9fc793d8
- SHA256: 256158683a6f1768975bfb27ea9d46ac80dfeb4c27960dfa95ebfc07c5afa5b9
- SHA512: 204ae72a19eb7f5ca98543f63ea94642e69232862b7ba86beab755795888201b7b7621099c33315541c91a0f15fa6ed294f794a6fcae14d19924ec15b661fb89
- SSDEEP: 49152:e3/bnFNCFi8zcQ8PBo2hQHELANEEgjlExuL+rUl8bYj:ejnzgi8pGBouQHH6JExLoWbY
Static task: static1
Behavioral task: behavioral1
- Sample: 256158683a6f1768975bfb27ea9d46ac80dfeb4c27960dfa95ebfc07c5afa5b9.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted
amadey 4.20
http://193.233.132.139
- install_dir: 5454e6f062
- install_file: explorta.exe
- strings_key: c7a869c5ba1d72480093ec207994e2bf
- url_paths: /sev56rkm/index.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger