Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ed3b32499054cd44eaa26fcd6b06a4e79b849daf671ea94b22da78f4e9a41d75
-
Size
6.2MB
-
Sample
240625-wlfr4axblq
-
MD5
f1b502e7e2c6e4288984bdbffc1fb8b9
-
SHA1
a5be8f99c62bf1b41ad971d538254a78bd64dc1b
-
SHA256
ed3b32499054cd44eaa26fcd6b06a4e79b849daf671ea94b22da78f4e9a41d75
-
SHA512
07a6b84592586dcbd98e74cf6a5f55c9996857f2f573d011ac9d5339c719734555cbff7226740ac2f3a7d08bb873436b0da4fed2137c789382378519d0d2fb31
-
SSDEEP
196608:Wy2LkJnlEjOu1WcTwpWkYybdBRqI41TJSHQXt4:3nlMYNpvb1n41IHT
Malware Config
Targets
-
-
Target
ed3b32499054cd44eaa26fcd6b06a4e79b849daf671ea94b22da78f4e9a41d75
-
Size
6.2MB
-
MD5
f1b502e7e2c6e4288984bdbffc1fb8b9
-
SHA1
a5be8f99c62bf1b41ad971d538254a78bd64dc1b
-
SHA256
ed3b32499054cd44eaa26fcd6b06a4e79b849daf671ea94b22da78f4e9a41d75
-
SHA512
07a6b84592586dcbd98e74cf6a5f55c9996857f2f573d011ac9d5339c719734555cbff7226740ac2f3a7d08bb873436b0da4fed2137c789382378519d0d2fb31
-
SSDEEP
196608:Wy2LkJnlEjOu1WcTwpWkYybdBRqI41TJSHQXt4:3nlMYNpvb1n41IHT
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-