General
Target: updated_executor.rar
Size: 3.5MB
Sample: 240626-ab6d4svblr
MD5: d73111b521e8f8b7cc6596eeff5b1749
SHA1: 9cbf4b5ac548c7cd0c5adfd0bb5448dbe03aa590
SHA256: ace42bc61959dde6abbef1deccb2474f97bc8790f86b853638cf6b9cedf7092c
SHA512: c7459453f7c9732135a05a4abdf00a1c12036eae503c9fc90327ad3a77730bd6b6fa349066de7d8f97c295e1429548100b484bd25d27fbc54ba4aafc12c7a9d4
SSDEEP: 49152:L5nYy10A2bOJaxwQ28QbgdP/h5NySL3GNq2WLIb/TmJV8lwcOMcmf3HYgMkC2ZDc:hYy1l2VGQ23E33Ny2qjbjedM9PMKZvXw
Behavioral task: behavioral1
Sample: updated_executor/updated executor/cocainav2.0.dll
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: updated_executor/updated executor/cocainav2.0.dll
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: updated_executor/updated executor/new8dh4h4g4.exe
Resource: win7-20240508-en
Malware Config
Targets

Target: updated_executor/updated executor/cocainav2.0.dll
Size: 594KB
MD5: 7f6f5fb7acca3f195bca4d089580270c
SHA1: 151c233850a3a3f36a6e1bede319610fafc97c93
SHA256: fb9365c61ea9677f42e2d0befebbdfdd55b0bb5058c4f321b2ff8627c0fe0350
SHA512: 4c972d290b9d0639fe8d72433d62424b47af7d771d05bd089ce72829e1317e2268627cdeec2603c55eb329a11c57877b528c76320a4cf780c45bba8c2b832caa
SSDEEP: 12288:eJJ/fWJEbvLFmqUNFTSpkP2WUxCj2AqeMQmkn:eJdWEbBmhNFTSpkPruGKFkn
Score: 1/10
Target: updated_executor/updated executor/new8dh4h4g4.exe
Size: 3.2MB
MD5: 16c6223445656672a11d8caa3fe5b501
SHA1: 9f5f3a0c19f55eb9096849f8cc28a72c68384b4e
SHA256: e788e5d436739b8e4250b049aac61baf7c37710683c59f1c9203bfc1ba6e9c54
SHA512: 657412ad28ae1e5256705a6ca6d40d5b3a28d91332521154b55d42c56e946a65e77ac8d7b4def2256718ff5b9ca71a111f47ec074a7bf7a6fb9fc0ee3b68c40a
SSDEEP: 49152:cKoECNaxzUgP6yZMcCSIxIGMCgbRahL45jMyhf7nhNkEf/TJs7Swhmz+ODytrogz:GEBxzfPhecyaG7gbBjlbkEa7Sw2nOtv
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger