Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

Catalyst_I...ed.exe

windows7-x64

9

Catalyst_I...ed.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Catalyst_InDev0.1_protected.exe

  • Size

    13.8MB

  • Sample

    240429-p3p9jaba36

  • MD5

    f21878d3a0fe8c661f336c30c4dae788

  • SHA1

    5229e86c8ea319ce8a2c22fbc8281db747a99a2c

  • SHA256

    bab2cdd95bb34ec1147ec11e33b5f3194b91b0b82358d8e8f517428eb0fc919f

  • SHA512

    2cea72cfa827252e873fbbe6b6506f60aa1926a182602e6cbe79f9a33147daa2598cd0ffa1940a4b7644b65ff05da172d8ffd5ccf585b88948e9e6e91f80e3d1

  • SSDEEP

    393216:vU4ZnmOateOirwCMQnDxOfhbs1l7TAVvwTP:s+se7rwCMQtOfhsOvwTP

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Catalyst_InDev0.1_protected.exe

    • Size

      13.8MB

    • MD5

      f21878d3a0fe8c661f336c30c4dae788

    • SHA1

      5229e86c8ea319ce8a2c22fbc8281db747a99a2c

    • SHA256

      bab2cdd95bb34ec1147ec11e33b5f3194b91b0b82358d8e8f517428eb0fc919f

    • SHA512

      2cea72cfa827252e873fbbe6b6506f60aa1926a182602e6cbe79f9a33147daa2598cd0ffa1940a4b7644b65ff05da172d8ffd5ccf585b88948e9e6e91f80e3d1

    • SSDEEP

      393216:vU4ZnmOateOirwCMQnDxOfhbs1l7TAVvwTP:s+se7rwCMQtOfhsOvwTP

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks