General
Target: 4e237f1e26b298872f262865da75ad9d07fc8eaa62ccc4a1def4fe240429ad6d
Size: 1.8MB
Sample: 240519-nj6xhafe7t
MD5: f66c34adf11e36c233d031b6e106e476
SHA1: 365f7e709018925711f8b0e8f7c6c9912f6f7e38
SHA256: 4e237f1e26b298872f262865da75ad9d07fc8eaa62ccc4a1def4fe240429ad6d
SHA512: e8a4eb5789701e80dd093a350bccf3fce7c4b124f97c3225e4462491f404f72d788833009a8e409cb02ab3f982e5785542d940c16f3e8d20da77ae12fed126c4
SSDEEP: 49152:nW5ry23rhOU/472WpHf0rI03d22se696nx4HkQhbsLv6Imdw:Er53rh6CWVf0Uy2Zh96nobAKw
Static task: static1
Behavioral task: behavioral1
Sample: 4e237f1e26b298872f262865da75ad9d07fc8eaa62ccc4a1def4fe240429ad6d.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: amadey
Version: 4.20
Botnet ID: c767c0
C2: http://5.42.96.7
install_dir: 7af68cdb52
install_file: axplons.exe
strings_key: e2ce58e78f631ed97d01fe7b70e85d5e
url_paths: /zamo7h/index.php
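The extracted config above is what an analyst turns into hunting indicators. The following is an added example, not part of the tria.ge report and not Amadey's own code: it derives the full check-in URL and an on-disk path fragment from the config, runs the URL indicator over a few constructed proxy log lines (tolerating an explicit port and a query string), and includes an RC4 helper under the labelled assumption that Amadey 4.x strings are RC4-encrypted with strings_key as ASCII key bytes. The config values are copied from the report; the log lines, the log format and the RC4 assumption are this example's own, and the report supplies no ciphertext, so the RC4 demo encrypts its own sample.

```python
"""
Added example, not part of the tria.ge report or of Amadey itself: derive hunting
indicators from the extracted config and run them over constructed proxy log lines.
Config values are copied from the report; the log lines, the log format and the
RC4 assumption below are this example's own.
"""
from urllib.parse import urlparse

# Values copied from the report's "Malware Config" section.
CONFIG = {
    "c2": ["http://5.42.96.7"],
    "url_paths": ["/zamo7h/index.php"],
    "install_dir": "7af68cdb52",
    "install_file": "axplons.exe",
    "strings_key": "e2ce58e78f631ed97d01fe7b70e85d5e",
}


def c2_urls(cfg):
    """Full check-in URLs: every C2 base joined with every reported path."""
    return [base.rstrip("/") + "/" + path.lstrip("/")
            for base in cfg["c2"] for path in cfg["url_paths"]]


def filesystem_indicator(cfg):
    """Relative path fragment to search for on disk; the parent directory is
    deliberately left out so the match does not depend on where the dropper
    installs on a given host."""
    return cfg["install_dir"] + "\\" + cfg["install_file"]


def url_matches(cfg, url):
    """True when the URL's host is a configured C2 and its path is either the
    bare root or one of the reported paths (port, scheme and query are ignored,
    so http://5.42.96.7:80/zamo7h/index.php?x=1 still matches)."""
    parsed = urlparse(url)
    if parsed.hostname not in {urlparse(b).hostname for b in cfg["c2"]}:
        return False
    path = parsed.path or "/"
    return path == "/" or any(path.startswith(p) for p in cfg["url_paths"])


def hunt(cfg, log_text):
    """Return (timestamp, client, url) for each proxy log line hitting the C2.
    Line format (constructed for this example): ts client method url."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, _method, url = parts[:4]
        if url_matches(cfg, url):
            hits.append((ts, client, url))
    return hits


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_string(cfg, blob: bytes) -> bytes:
    """ASSUMPTION: Amadey 4.x strings are RC4-encrypted with strings_key used as
    its ASCII bytes. The report gives the key but no ciphertext, so callers must
    supply blobs carved from a memory dump; the demo below encrypts its own."""
    return rc4(cfg["strings_key"].encode(), blob)


# Constructed proxy log (example data, not from the report).
PROXY_LOG = """\
2024-05-19T12:01:03Z 10.0.0.15 POST http://5.42.96.7/zamo7h/index.php
2024-05-19T12:01:09Z 10.0.0.15 GET  http://5.42.96.7:80/zamo7h/index.php?id=1
2024-05-19T12:02:10Z 10.0.0.22 GET  http://example.com/zamo7h/index.php
2024-05-19T12:03:44Z 10.0.0.15 GET  http://5.42.96.7/
"""

if __name__ == "__main__":
    print("C2 URLs:", c2_urls(CONFIG))
    print("File indicator:", filesystem_indicator(CONFIG))
    for hit in hunt(CONFIG, PROXY_LOG):
        print("HIT", *hit)
    demo = rc4(CONFIG["strings_key"].encode(), b"axplons.exe")  # constructed ciphertext
    print("RC4 round-trip:", decrypt_string(CONFIG, demo))
```

Of the four constructed log lines, three hit: the exact check-in URL, the same URL with an explicit port and query string, and a bare request to the C2 host; the example.com line with an identical path does not, because the host is what the indicator anchors on. Treat the bare-host hit as lower confidence than a path hit when the C2 is a shared IP.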
Targets
Target: 4e237f1e26b298872f262865da75ad9d07fc8eaa62ccc4a1def4fe240429ad6d
Size: 1.8MB
MD5: f66c34adf11e36c233d031b6e106e476
SHA1: 365f7e709018925711f8b0e8f7c6c9912f6f7e38
SHA256: 4e237f1e26b298872f262865da75ad9d07fc8eaa62ccc4a1def4fe240429ad6d
SHA512: e8a4eb5789701e80dd093a350bccf3fce7c4b124f97c3225e4462491f404f72d788833009a8e409cb02ab3f982e5785542d940c16f3e8d20da77ae12fed126c4
SSDEEP: 49152:nW5ry23rhOU/472WpHf0rI03d22se696nx4HkQhbsLv6Imdw:Er53rh6CWVf0Uy2Zh96nobAKw
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, and is sometimes used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
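The signatures above describe anti-VM, anti-sandbox, geofencing and anti-debugging checks, all driven by registry reads plus one native API call. The following is an added example, not part of the tria.ge report: it expresses those checks as detection logic over constructed registry and API-trace events, so a practitioner can see which registry locations each signature keys on (the well-known VirtualBox ACPI table names, the SystemBiosVersion family of values, Geo\Nation, and the Wine keys) and why a single hit is not enough on its own. The "process|kind|target" event format and the sample lines are this example's own, and the mapping of paths to the report's signature names is this example's interpretation.

```python
"""
Added example, not part of the tria.ge report: the anti-analysis behaviour the
signatures describe, expressed as detection logic over constructed registry and
API-trace events. The registry locations are the standard ones such signatures
key on; the event line format ("process|kind|target") and the sample lines are
this example's own.
"""
import re

# (category, pattern) pairs for the registry locations behind each signature.
REGISTRY_INDICATORS = [
    ("anti-vm: VirtualBox ACPI tables",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("anti-sandbox: BIOS information",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)", re.I)),
    ("geofence: configured country code",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I)),
    ("anti-sandbox: Wine registry keys",
     re.compile(r"\\Software\\Wine(\\|$)", re.I)),
]

# ThreadInformationClass value for ThreadHideFromDebugger: once set, the thread
# stops delivering debug events, so an attached debugger silently loses it.
THREAD_HIDE_FROM_DEBUGGER = 0x11
API_CALL = re.compile(
    r"NtSetInformationThread\(.*?ThreadInformationClass=(0x[0-9a-f]+|\d+)", re.I)


def classify(event):
    """Return the category an event line falls in, or None for benign lines."""
    process, kind, target = event.split("|", 2)
    if kind == "ApiCall":
        m = API_CALL.search(target)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return "anti-debug: ThreadHideFromDebugger"
        return None
    for category, pattern in REGISTRY_INDICATORS:
        if pattern.search(target):
            return category
    return None


def triage(events):
    """Map each process to the sorted list of categories it triggered."""
    per_process = {}
    for line in events:
        category = classify(line)
        if category:
            per_process.setdefault(line.split("|", 1)[0], set()).add(category)
    return {proc: sorted(cats) for proc, cats in per_process.items()}


def evasive(events, threshold=2):
    """Processes hitting at least `threshold` distinct categories. A lone BIOS
    or Geo\\Nation read is common in legitimate software (installers, locale
    aware apps); several categories together are what the report is flagging."""
    return sorted(p for p, cats in triage(events).items() if len(cats) >= threshold)


# Constructed events (example data, not the report's process tree).
EVENTS = [
    r"axplons.exe|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"axplons.exe|RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"axplons.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"axplons.exe|RegOpenKey|HKCU\Software\Wine",
    r"axplons.exe|ApiCall|NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x11)",
    r"setup.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"explorer.exe|RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]

if __name__ == "__main__":
    for proc, cats in triage(EVENTS).items():
        print(proc, "->", ", ".join(cats))
    print("evasive:", evasive(EVENTS))
```

In the constructed trace the dropped executable trips all five categories while the locale-aware installer trips only the geofence read, so only the former crosses the two-category threshold. The threshold is a tuning knob, not a rule: on a host where VirtualBox Guest Additions legitimately runs, the ACPI check will fire for benign tools too.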