General
- Target: httpscdn.discordapp.comattachments1.txt
- Size: 183B
- Sample: 240524-dk835sah7s
- MD5: 0efe1a91f04c297bd82f5f7abac671dd
- SHA1: fe604b052bd341f8b3f2ef3381f5fdd13f9e9186
- SHA256: 69840b6059d51cc1aeb9846f1fcb2ddca0f89b4690fca73b98cd42edc2237f0f
- SHA512: 5c204bc45626f12550945a76f5285a36bd260abd5bda13cb25f0c6e15b96114cc15d337a5f0a4058b6415e7b4e4914b724dfce10a279123b0362e28488ba8f94
Static task
static1
Malware Config
Targets
- Target: httpscdn.discordapp.comattachments1.txt
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger