General
Target: 7b15f9a7c0001c2f959e1fd64e239ba8ec4ed49ad9828aa7ad603ae5be846e2f
Size: 1.8MB
Sample: 240519-plsckahb6w
MD5: 16e41bf10edd66dc4a0f472193f9bdf7
SHA1: f36900689bafe0b56cd26e4e3966b8250ad67976
SHA256: 7b15f9a7c0001c2f959e1fd64e239ba8ec4ed49ad9828aa7ad603ae5be846e2f
SHA512: 8d0584b67035eb1a60cb9e729e64f9d62119a6e34c6ed5ae3289db61b9275d3dfbc3becd244e279ca83427c14c29122a75b8e014401a073f6dd45c45e47536f7
SSDEEP: 24576:7Qf7S5f6usyqf/vHtkasg5CyAD9figmWsAfjf2fbBhlq8LaXU4mwclVaSU5g19vv:gSEtSa/XApfrmWs/taoa2r/vF11
Static task: static1
Behavioral task: behavioral1
Sample: 7b15f9a7c0001c2f959e1fd64e239ba8ec4ed49ad9828aa7ad603ae5be846e2f.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: amadey
Version: 4.20
Botnet: c767c0
C2: http://5.42.96.7
Attributes:
  install_dir: 7af68cdb52
  install_file: axplons.exe
  strings_key: e2ce58e78f631ed97d01fe7b70e85d5e
  url_paths: /zamo7h/index.php
Amadey checks in to the C2 host at the configured url_paths, so the full request URL to block or hunt for is http://5.42.96.7/zamo7h/index.php. The loader persists as install_file inside a directory named install_dir, which gives a stable file-path tail to hunt on regardless of which user profile it lands in.
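The following is an added example, not tria.ge's or Amadey's code, showing how an analyst would turn the extracted config above into hunt-ready indicators and run them over a few constructed Sysmon-style events. The parent directory of the dropped loader (%TEMP% under the user profile) is an assumption, so the host indicator keys on the install_dir\install_file tail rather than a full path; the sample.exe and Admin paths in the events are made up.

```python
"""Derive IOCs from an extracted Amadey config and match them against
constructed, Sysmon-style process-create (EventID 1) and network-connect
(EventID 3) events. Added example; not tria.ge or Amadey code."""
import re
from urllib.parse import urlsplit

# Values copied from the config extracted on this page.
AMADEY_CONFIG = {
    "c2": "http://5.42.96.7",
    "install_dir": "7af68cdb52",
    "install_file": "axplons.exe",
    "url_paths": ["/zamo7h/index.php"],
}

# Constructed events; the user profile and sample.exe path are assumptions.
EVENTS = [
    {"id": 1, "image": r"C:\Users\Admin\Desktop\sample.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 1, "image": r"C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe",
     "parent": r"C:\Users\Admin\Desktop\sample.exe"},
    {"id": 3, "image": r"C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe",
     "dst_ip": "5.42.96.7", "dst_port": 80},
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
]


def build_iocs(cfg):
    """Derive network and host indicators from an extracted Amadey config."""
    host = urlsplit(cfg["c2"]).hostname
    # Check-in URL = C2 base + url_path (Amadey talks to index.php on the C2).
    checkin_urls = [cfg["c2"].rstrip("/") + p for p in cfg["url_paths"]]
    # Match the dropped loader by its <install_dir>\<install_file> tail only,
    # since the parent directory is not part of the extracted config.
    tail = re.compile(
        r"\\" + re.escape(cfg["install_dir"]) + r"\\" + re.escape(cfg["install_file"]) + r"$",
        re.IGNORECASE,
    )
    return {"c2_host": host, "checkin_urls": checkin_urls, "install_tail": tail}


def match_events(events, iocs):
    """Return (event id, image, reasons) for every event touching an IOC.
    A process whose *parent* is the loader is also flagged; that is how
    follow-on payloads fetched by Amadey would show up."""
    hits = []
    for ev in events:
        reasons = []
        if iocs["install_tail"].search(ev.get("image", "")):
            reasons.append("image is Amadey install path")
        if iocs["install_tail"].search(ev.get("parent", "")):
            reasons.append("spawned by Amadey install path")
        if ev.get("dst_ip") == iocs["c2_host"]:
            reasons.append("connection to Amadey C2 host")
        if reasons:
            hits.append((ev["id"], ev["image"], reasons))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(AMADEY_CONFIG)
    print("check-in URL(s):", iocs["checkin_urls"])
    for hit in match_events(EVENTS, iocs):
        print(hit)
```

The C2 host alone is a weak indicator on its own (shared hosting is common), so the matcher reports reasons per event; a detection should fire on the install-path tail, or on the path plus the C2 connection, rather than on the IP alone.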
Targets
Target: 7b15f9a7c0001c2f959e1fd64e239ba8ec4ed49ad9828aa7ad603ae5be846e2f
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, so the mere presence of those keys is a cheap hypervisor check.
- Checks BIOS information in registry. BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since virtual firmware carries vendor strings such as VBOX or VMware.
- Checks computer location settings. Looks up the country code (GeoID) configured in the registry, likely a geofence that makes the sample exit on hosts in excluded countries.
- Executes dropped EXE.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; it is recognisable by the Software\Wine key.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger. The ThreadHideFromDebugger information class (0x11) stops debug events for the calling thread from being delivered to an attached debugger, a common anti-debugging trick; the signature fires on the call itself.
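To make the environment checks above concrete, here is an added example (not tria.ge's signature logic and not Amadey's own code) that re-creates the registry-based checks and runs them against constructed registry snapshots: a stock VirtualBox guest, the same guest with the VirtualBox artefacts patched out, and a bare-metal host in a geofenced country. The registry locations are the standard ones these checks read; which of them this particular sample queries, and the country list it geofences on, are assumptions and are labelled as such in the code. The NtSetInformationThread check is a thread-level call rather than a registry read and is deliberately not modelled here.

```python
"""Registry-based sandbox/VM/geofence checks over constructed snapshots.
Added example; not tria.ge's or Amadey's code. A snapshot is a dict with a
set of existing key paths and a {(key, value_name): data} mapping."""

# Keys VirtualBox creates for its ACPI tables (the OEM ID is "VBOX__").
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# BIOS strings the kernel populates from firmware at boot.
BIOS_VALUES = (
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
)
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")
GEO_NATION = (r"HKCU\Control Panel\International\Geo", "Nation")
# Assumed geofence (Windows GeoIDs for RU, UA, BY, KZ); not taken from the page.
BLOCKED_GEOIDS = {"203", "241", "29", "137"}


def vbox_acpi_present(snap):
    return any(k in snap["keys"] for k in VBOX_ACPI_KEYS)


def bios_looks_virtual(snap):
    for kv in BIOS_VALUES:
        text = str(snap["values"].get(kv, "")).upper()
        if any(marker in text for marker in VM_MARKERS):
            return True
    return False


def wine_present(snap):
    return any(k in snap["keys"] for k in WINE_KEYS)


def geo_blocked(snap, blocked=BLOCKED_GEOIDS):
    return snap["values"].get(GEO_NATION) in blocked


def evaluate(snap):
    """Run every check; return whether a sample would bail and why."""
    reasons = []
    if vbox_acpi_present(snap):
        reasons.append("vbox_acpi")
    if bios_looks_virtual(snap):
        reasons.append("vm_bios")
    if wine_present(snap):
        reasons.append("wine")
    if geo_blocked(snap):
        reasons.append("geofence")
    return {"bail": bool(reasons), "reasons": reasons}


# Constructed snapshots (values are illustrative, not captured from a host).
VBOX_GUEST = {
    "keys": {r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", r"HKLM\HARDWARE\ACPI\FADT\VBOX__"},
    "values": {
        (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): "VBOX   - 1",
        (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"): "innotek GmbH",
        GEO_NATION: "244",  # United States
    },
}
HARDENED_GUEST = {  # same guest after renaming ACPI OEM IDs and BIOS strings
    "keys": {r"HKLM\HARDWARE\ACPI\DSDT\DELL__"},
    "values": {
        (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): "DELL   - 1",
        (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"): "Dell Inc.",
        GEO_NATION: "244",
    },
}
CIS_HOST = {  # bare metal, but located in an assumed excluded country
    "keys": set(),
    "values": {
        (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): "LENOVO - 1",
        GEO_NATION: "203",  # Russia
    },
}

if __name__ == "__main__":
    for name, snap in (("vbox", VBOX_GUEST), ("hardened", HARDENED_GUEST), ("cis", CIS_HOST)):
        print(name, evaluate(snap))
```

The practical reading: the sandbox run above produced these signatures because the sample read the keys, not necessarily because the checks succeeded; on a hardened guest (VBOX__ ACPI IDs and BIOS vendor strings replaced, no Wine key, a non-excluded GeoID) the same reads return nothing suspicious and execution continues, which is the condition under which the dropped-EXE and C2 behaviour becomes observable.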