General

  • Target

    Velocity Spoofer.exe

  • Size

    19.7MB

  • Sample

    240720-bk2mystaqe

  • MD5

    6cb66ac3e7d224dcf60fce2902f50d4b

  • SHA1

    2bf70cf93d9d6ac13916c2affb610f2c6a885764

  • SHA256

    dd2f3d7118883fd2d37095ff4abf738f99a23e801935671a56a85594aa6ceb04

  • SHA512

    1ad4eb84196ff724f715b7338e08c1591fdcb28ddf0786e42cf02fcdcab05cd941e3b0bf43f39705f865ddf77dd9a2c82625441008fb5cd7b890b2bc94f73b39

  • SSDEEP

    393216:l4qMf3RuoaX5L7nFv2TGIlkeBqkRbfxL9tMtbmE/WUnwbZSDUX:lPMvRU1rl+GxeBqkltMtV/WUnwbZ1

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks