General

  • Target

    loader.exe

  • Size

    8.5MB

  • Sample

    240608-wrbekaeh95

  • MD5

    851dc1231b62cca3b63f7f2287dff84f

  • SHA1

    16915a97ff71586cb033319a3f81c18d8792e1b7

  • SHA256

    2019edf4b004995ed0cc16da5a8746a6154b16df7663cbe6d3fc7782ba5dbc17

  • SHA512

    507c6038f9b65ccb74fe6947ac9caeeef35dcc1b0d01fd68e10a7d2cc5cf6997bdd04cb10b1cc25fd2966b266c7ff471f91618da6021ef4cd0ba24803c7482f9

  • SSDEEP

    196608:lWU/XIK3djYTPtJyCAaws5WJqHqJLkSXNzeHrldm:lWU/4kU7tJy7DhJQyNSLl4

Malware Config

Targets

    • Target

      loader.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks