General
- Target: 8298e07859dd754ed841bf9ccf089d615c99781fddfe276384be906f2d12f8da
- Size: 1.8MB
- Sample: 240802-b79xvatblf
- MD5: 5cc3a863d3a74972f71a6763c5eb3d71
- SHA1: a0cf4d2ebc2435c9cf25916a0b6fa46588d321e8
- SHA256: 8298e07859dd754ed841bf9ccf089d615c99781fddfe276384be906f2d12f8da
- SHA512: f8773ce6145ec7732aca641da19c0a215db033f24f35d266ce4abae561657028fd80fd48923baac4237842b96c93bc2fec370843258aa60fd4a58117cc6d8ef7
- SSDEEP: 49152:cHdxg8zFspdvwbY+XZ4t1dd021ePoAukIqdnItjb:cHdipdK4t136o4nIt
Static task
- static1
Behavioral task
- behavioral1
- Sample: 8298e07859dd754ed841bf9ccf089d615c99781fddfe276384be906f2d12f8da.exe
- Resource: win10v2004-20240730-en
Malware Config
Extracted
- Family: amadey
- Version: 4.41
- Botnet: 0657d1
- C2: http://185.215.113.19
- install_dir: 0d8f5eb8a7
- install_file: explorti.exe
- strings_key: 6c55a5f34bb433fbd933a168577b1838
- url_paths: /Vi9leo/index.php
Extracted
- Family: stealc
- Botnet: default
- C2: http://185.215.113.24
- url_path: /e2b1563c6670f193.php
Targets
- Target: 8298e07859dd754ed841bf9ccf089d615c99781fddfe276384be906f2d12f8da
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Privilege Escalation: Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)