General
-
Target
2024-07-11_cb6502d347e66ad00df8d61f2bff373d_mafia
-
Size
7.5MB
-
Sample
240711-bs9crstclh
-
MD5
cb6502d347e66ad00df8d61f2bff373d
-
SHA1
36edfd1489b637c9605f7f3121d9953a0f0cee5c
-
SHA256
1f9ba4adb9f568997316645d1210d582c433321eec50e0348561efc65277001e
-
SHA512
7c29b49d159e57168af0a9d6247d1f13b291b54e47c29e49b4c0f95259c578f17505ec589541ade63f0b9dca79e9efe5b9838239291f2a0cc19d5da034641e81
-
SSDEEP
196608:FYE0SCI4rbECIwBbiL4c7RcXYP0a5Lp/3/PXCt40+isGsaNk:FYn/8ChhoFhPPXYtbjNk
Static task
static1
Behavioral task
behavioral1
Sample
2024-07-11_cb6502d347e66ad00df8d61f2bff373d_mafia.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-07-11_cb6502d347e66ad00df8d61f2bff373d_mafia.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
2024-07-11_cb6502d347e66ad00df8d61f2bff373d_mafia
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-