Resubmissions

26/06/2024, 00:05

240626-adg5asvckn 7

26/06/2024, 00:03

240626-ab6d4svblr 9

General

  • Target

    updated_executor.rar

  • Size

    3.5MB

  • Sample

    240626-ab6d4svblr

  • MD5

    d73111b521e8f8b7cc6596eeff5b1749

  • SHA1

    9cbf4b5ac548c7cd0c5adfd0bb5448dbe03aa590

  • SHA256

    ace42bc61959dde6abbef1deccb2474f97bc8790f86b853638cf6b9cedf7092c

  • SHA512

    c7459453f7c9732135a05a4abdf00a1c12036eae503c9fc90327ad3a77730bd6b6fa349066de7d8f97c295e1429548100b484bd25d27fbc54ba4aafc12c7a9d4

  • SSDEEP

    49152:L5nYy10A2bOJaxwQ28QbgdP/h5NySL3GNq2WLIb/TmJV8lwcOMcmf3HYgMkC2ZDc:hYy1l2VGQ23E33Ny2qjbjedM9PMKZvXw

Malware Config

Targets

    • Target

      updated_executor/updated executor/cocainav2.0.dll

    • Size

      594KB

    • MD5

      7f6f5fb7acca3f195bca4d089580270c

    • SHA1

      151c233850a3a3f36a6e1bede319610fafc97c93

    • SHA256

      fb9365c61ea9677f42e2d0befebbdfdd55b0bb5058c4f321b2ff8627c0fe0350

    • SHA512

      4c972d290b9d0639fe8d72433d62424b47af7d771d05bd089ce72829e1317e2268627cdeec2603c55eb329a11c57877b528c76320a4cf780c45bba8c2b832caa

    • SSDEEP

      12288:eJJ/fWJEbvLFmqUNFTSpkP2WUxCj2AqeMQmkn:eJdWEbBmhNFTSpkPruGKFkn

    • Score

      1/10

    • Target

      updated_executor/updated executor/new8dh4h4g4.exe

    • Size

      3.2MB

    • MD5

      16c6223445656672a11d8caa3fe5b501

    • SHA1

      9f5f3a0c19f55eb9096849f8cc28a72c68384b4e

    • SHA256

      e788e5d436739b8e4250b049aac61baf7c37710683c59f1c9203bfc1ba6e9c54

    • SHA512

      657412ad28ae1e5256705a6ca6d40d5b3a28d91332521154b55d42c56e946a65e77ac8d7b4def2256718ff5b9ca71a111f47ec074a7bf7a6fb9fc0ee3b68c40a

    • SSDEEP

      49152:cKoECNaxzUgP6yZMcCSIxIGMCgbRahL45jMyhf7nhNkEf/TJs7Swhmz+ODytrogz:GEBxzfPhecyaG7gbBjlbkEa7Sw2nOtv

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks