General

  • Target

    1c00b1b0437e537733dcc3c048a59ba3a373f4ab30a97fab21e20501fd081d15

  • Size

    2.4MB

  • Sample

    240622-eehjns1ajj

  • MD5

    1d0710fba5166efb658d3d3907176d8b

  • SHA1

    ab4a279bdbd13e7ca844463b360cc5ca37ebb522

  • SHA256

    1c00b1b0437e537733dcc3c048a59ba3a373f4ab30a97fab21e20501fd081d15

  • SHA512

    6ceadca1f68b3ee4871e920a9389a43ec133935337e87a60f57a0726fcccf6ce33a31554714fa93f86005042f2b22a493bcd54646eb5923bd8b4034649ff05ae

  • SSDEEP

    49152:P7uCtkIH2S+UsCCrSRvDJTVG/bYX2LCNuZoDvZ85MG28Vn:PSIuUsCC2FDJTiq2NZqz8V

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • Target

      1c00b1b0437e537733dcc3c048a59ba3a373f4ab30a97fab21e20501fd081d15

    • Size

      2.4MB

    • MD5

      1d0710fba5166efb658d3d3907176d8b

    • SHA1

      ab4a279bdbd13e7ca844463b360cc5ca37ebb522

    • SHA256

      1c00b1b0437e537733dcc3c048a59ba3a373f4ab30a97fab21e20501fd081d15

    • SHA512

      6ceadca1f68b3ee4871e920a9389a43ec133935337e87a60f57a0726fcccf6ce33a31554714fa93f86005042f2b22a493bcd54646eb5923bd8b4034649ff05ae

    • SSDEEP

      49152:P7uCtkIH2S+UsCCrSRvDJTVG/bYX2LCNuZoDvZ85MG28Vn:PSIuUsCC2FDJTiq2NZqz8V

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks