General
Target: Halal.zip
Size: 293KB
Sample: 240530-npjddsfg8x
MD5: ac001b7e2abd3229ee3f27bd3d680993
SHA1: a3c2821abf94b729a502786a841a459fe275a063
SHA256: dd444cde27429480dc0a2d06749f166aa1e821ab981160b6f20b9dbdc58dbdd7
SHA512: e1dde330945206ee36d7f4d65abcc256de797cef28b01c4597475d9c86db317702e48f800c7158fa5248f1bcd7f86cabeafea8221169a3958afd973517f4c08d
SSDEEP: 6144:SrFDE4cN1PwpTkmXElCtVlWRhNTxFtM6Ed04BPrhpN6yqgKR:8rTpTkq8CtVlQfZM3d04hrhpNkNR
Static task: static1
Behavioral task: behavioral1
  Sample: Halal/Halal Executor.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Halal/Halal Executor.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: Halal/Halal Executor.exe
Size: 298KB
MD5: c05d7e70381b34ccdfb2ce3ca66db346
SHA1: 35ffe2786347fbb4e04d4a4d180c504e7253b5b3
SHA256: 1f55aaa075186096b8c95247b9d5fb4072dee441d670e89859ecd555ad675bd3
SHA512: 3479153f05e8592f7136da9ce3dd2bb3dd0c1824f346ebbd4921e2d3e771f1543e58b9389cbb4118f3d917fb5e9d3939c166f660684f43a945e436d4e829e3fb
SSDEEP: 6144:YuCXa8VmqO1n/NkBWP1mXElCTVlWRhNTxFm+Iol7CBlpNeyqgK:0aJ1/F1q8CTVlQfbnCBlpNgN
Score: 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Sets file execution options in registry
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Legitimate hosting services abused for malware hosting/C2
Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger