General

  • Target

    fbfa056492b426ab6190ba84e23308421a4ab957acc08f256bb8c333201d3d01

  • Size

    2.2MB

  • Sample

    240521-lvv82aha67

  • MD5

    66ccbed41993a7620e5729ab00df0102

  • SHA1

    b4b3623f2548303a18b9f11c451efd4ac9ff80bd

  • SHA256

    fbfa056492b426ab6190ba84e23308421a4ab957acc08f256bb8c333201d3d01

  • SHA512

    22758452407ada39d7724ad26f21cb15c0a3cebc2e579078bc9de896632f81175c30db2c9459c476386ae5b5a8b38c6fcef8010c19fd6bee2d17ce63084c725c

  • SSDEEP

    49152:NcPCa/p9ULTKQJ5zLOdEExTqdCSUgX2T/fApX:yP5p9UvKQbOdfTqd33muX

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks