Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
VineMEMZ-Original.exe
-
Size
39.6MB
-
Sample
240613-1cbh8svbkm
-
MD5
b949ba30eb82cc79eeb7c2d64f483bcb
-
SHA1
8361089264726bb6cff752b3c137fde6d01f4d80
-
SHA256
5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
-
SHA512
e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
-
SSDEEP
786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa
Malware Config
Targets
-
-
Target
VineMEMZ-Original.exe
-
Size
39.6MB
-
MD5
b949ba30eb82cc79eeb7c2d64f483bcb
-
SHA1
8361089264726bb6cff752b3c137fde6d01f4d80
-
SHA256
5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
-
SHA512
e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
-
SSDEEP
786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa
Score8/10-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1