General

  • Target

    Yeah.exe

  • Size

    4.7MB

  • Sample

    240517-qk7xasad2v

  • MD5

    82b3a00eb4303992a25ac286cc81a586

  • SHA1

    facb18dbd463b8c710b5b5353b1042ea54dec669

  • SHA256

    081343ccb0f148c536a0e0811710b55e51d604c0496f2fde5c407cc1e75292eb

  • SHA512

    8b41660a7aa32e7472ea57edb4b8817fae9e6f4d6d77eff30b22a3033bc97c70bfbbc6a2f4479e2500585eda059cdeab2acd87c106fe219d109ab6707b6e52f0

  • SSDEEP

    98304:zaoiuuvagisE3E6uU2zBlsuVVVHYAj4fB07VY7m9istT:zNbgisCxaBlsQVVHdjpim95T

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks