General
Target: target.ps1
Size: 154B
Sample: 240505-wsw3naca68
MD5: e92339c8a8820df2920d180ffcc66d45
SHA1: 23968fbc5ae4fdf48fd699dcfee8c417317b0444
SHA256: 15c486428ca6ef7add4c57355497f270f2a38ed43c40b994933d67d5f7e664fc
SHA512: dba5d0942a75a139fb5c5d67f8421fa0bb3c6f351554677117c46a9136cd12d4940ca80ef94796dfc578dbe81000c08d02ac19709453b26ac810e0d1b6db7abe
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: target.ps1; resource: win7-20231129-en)
Behavioral task: behavioral2 (sample: target.ps1; resource: win10-20240404-en)
Behavioral task: behavioral3 (sample: target.ps1; resource: win11-20240419-en)
Malware Config
Extracted URL: https://fatodex.b-cdn.net/fatodex
Targets
Target: target.ps1 (154B; same hashes as listed under General)
Signatures
- Banload: Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence: Boot or Logon Autostart Execution (1); Registry Run Keys / Startup Folder (1); Scheduled Task/Job (1)
Privilege Escalation: Boot or Logon Autostart Execution (1); Registry Run Keys / Startup Folder (1); Scheduled Task/Job (1)