General

  • Target

    MantiWPF.zip

  • Size

    28.3MB

  • Sample

    240710-v3eexszgln

  • MD5

    acd904a1add5eea11da0ad18a03ee36d

  • SHA1

    a82a337b619c5cecd1a37ad84c2f30dba4b9e72e

  • SHA256

    70bc8d54d4279b6eab3b711c4bc08f094c5af2ee873eb65346573de20ccb3f74

  • SHA512

    09663e2f727674f344eff6bba584d899d3eedff3d19c558e247a5d93d9774da1ba0ffca91c55c4058cc2b19ddd8896a976a83be508cccbb5791af87d1ad0ea7f

  • SSDEEP

    393216:s7INwZwtwEli9pvTpVRwgjg9dTajLv7YNzbzo4jtlMdzUUxmG0+54TpLVsEeRxX6:sE/6ElWpv1VKgs9RiL7MlMM+5wGiie5R

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger
