General
Target: 9b428357147e9b84f035527c1308870147a2930027e20531df19429545f06421
Size: 1.8MB
Sample: 240705-stkt8starc
MD5: fa6419e8f5a6bee481357f2a1f40efeb
SHA1: 666ca974b3918ca19323fe9813a14cb4790f028f
SHA256: 9b428357147e9b84f035527c1308870147a2930027e20531df19429545f06421
SHA512: 862feebede8863728cc3d34b48c0d3acea31279e96c39957a8b4e84f7d771ce65c7620a6fbeb80dd2e8c0bc9d6117e8d6ac63afeac3d0d0b89e28a48e1dc5dfa
SSDEEP: 49152:3/1G+rnmxTDSNCpLm3AThjsWq4YYFreG:Po+rnmxTDSYpLhj9ZeG
Static task: static1
Behavioral task: behavioral1
Sample: 9b428357147e9b84f035527c1308870147a2930027e20531df19429545f06421.exe
Resource: win7-20240508-en
Malware Config
Extracted family: amadey
Version: 4.30
Botnet: 4dd39d
C2: http://77.91.77.82
install_dir: ad40971b6b
install_file: explorti.exe
strings_key: a434973ad22def7137dbb5e059b7081e
url_paths: /Hun4Ko/index.php
Targets
Target: 9b428357147e9b84f035527c1308870147a2930027e20531df19429545f06421
Size: 1.8MB
MD5: fa6419e8f5a6bee481357f2a1f40efeb
SHA1: 666ca974b3918ca19323fe9813a14cb4790f028f
SHA256: 9b428357147e9b84f035527c1308870147a2930027e20531df19429545f06421
SHA512: 862feebede8863728cc3d34b48c0d3acea31279e96c39957a8b4e84f7d771ce65c7620a6fbeb80dd2e8c0bc9d6117e8d6ac63afeac3d0d0b89e28a48e1dc5dfa
SSDEEP: 49152:3/1G+rnmxTDSNCpLm3AThjsWq4YYFreG:Po+rnmxTDSYpLhj9ZeG

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger