General

  • Target

    2024-07-11_cb6502d347e66ad00df8d61f2bff373d_mafia

  • Size

    7.5MB

  • Sample

    240711-bs9crstclh

  • MD5

    cb6502d347e66ad00df8d61f2bff373d

  • SHA1

    36edfd1489b637c9605f7f3121d9953a0f0cee5c

  • SHA256

    1f9ba4adb9f568997316645d1210d582c433321eec50e0348561efc65277001e

  • SHA512

    7c29b49d159e57168af0a9d6247d1f13b291b54e47c29e49b4c0f95259c578f17505ec589541ade63f0b9dca79e9efe5b9838239291f2a0cc19d5da034641e81

  • SSDEEP

    196608:FYE0SCI4rbECIwBbiL4c7RcXYP0a5Lp/3/PXCt40+isGsaNk:FYn/8ChhoFhPPXYtbjNk

Score
9/10

Malware Config

Targets

    • Target

      2024-07-11_cb6502d347e66ad00df8d61f2bff373d_mafia

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks