General

  • Target

    4095099f8dc01fa0e768c90bc5f6930b.bin

  • Size

    2.3MB

  • Sample

    240509-bw55hsdd94

  • MD5

    1c0b283b8f3a25091997ba65a7e20be6

  • SHA1

    48b58e9ec81e5c108382cd87680dde16107c97d0

  • SHA256

    af3fb8a4cb92ec05d2b9a426ee5225d2adfebd4beb90ba16c8c7ef9b3078ff3a

  • SHA512

    470774df7ed56dfa34a825b18b783faf3037ac1589d88249c9eae898af076f4922d344617283ba55e6c775b495a04a97ef47d800363c4e6b0422fb626e8bb197

  • SSDEEP

    49152:vewwKO+qgqDVHAIWHcGwShj+wOBkGQL8UAWTUECi/dsv5d1TJU:AKOSqpXW8eSKZ3AqUQ/M5dzU

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      2c4b9f1da660cc47a044ee56e82c9fcd7e2e37fce633db555679f3a225835009.exe

    • Size

      2.3MB

    • MD5

      4095099f8dc01fa0e768c90bc5f6930b

    • SHA1

      b39c9d00a3e8dd50c5eda7fe051af42120ebcbaa

    • SHA256

      2c4b9f1da660cc47a044ee56e82c9fcd7e2e37fce633db555679f3a225835009

    • SHA512

      1ae03baee6096fa653612f344433bdfd357b2bfe639391effdebd4ef63efbacb6f8ad9a2fb1ed1714d1a99418a13694efc5aaabdf7d79cfa6ee3449b66fab600

    • SSDEEP

      49152:6Ts9zpYo556eURBCcuAU42VAYJiSo0UKQ0mJNFXVRMFZaBo:649SoqrRBCDnVfJikxQ0WNNo

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks