Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

release/ma...at.exe

windows7-x64

9

release/ma...at.exe

windows10-2004-x64

9

release/ma...er.exe

windows7-x64

9

release/ma...er.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    release.rar

  • Size

    8.1MB

  • Sample

    240520-agllwsae5z

  • MD5

    550f5e261d58b60ad66fe0303e3a1234

  • SHA1

    69bca3605b33b4043e0c730b73ceee2a596db82d

  • SHA256

    d414a91153d3003d9026994389a629203aa3f8fc83017f0e727273560315e181

  • SHA512

    14f157e0d1f44dacd12b5a6f13583d156a8b261956e97d47cc014536709f4402eb303f26b58ea6987323afa88ffa0b2332d5f6efa0eeb620afd35905f1309b40

  • SSDEEP

    196608:E7BFRsgkFbyhlu0X4f0ZvpBxAvGUFi0gpuKLoqizxw1j:EVXsg2byTu0NBA+UA0gxLonzG

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      release/main/cheat.exe

    • Size

      4.1MB

    • MD5

      d1895f02df8810e698741d4805317916

    • SHA1

      b45eb5ebe4184b6249f514122838b582c8030a0b

    • SHA256

      b2304109f2212ccf8b49c9fe8999b178ce7563c1c7540a05ea3d2836b22d361d

    • SHA512

      bf9449415ee28b84319df57dca23ce43b345e5dfa042e2613fd84f183a02154bca859785a8b51434ed5466ea7def19a2d562822d9d9f1c7a9de72055843d60b1

    • SSDEEP

      98304:bSXAizswlu7vCx/0nrEw1PP3rSDdV+8Tz7kI:bS/Qa50RP3rSP3II

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      release/main/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks