General
- Target: win_X64-telegram-TG-zwb5.09.exe.vir
- Size: 106.0MB
- Sample: 240802-r92x1stbje
- MD5: 7e5e997bacfd13d0e4334d3633a5a0c7
- SHA1: 5c00469208e2bf98d467ea18c50cbf1b59a8da8b
- SHA256: 1a6b8de03d8197a402c830f55e61b8a0a8912d56c458a6a6096029ccc0b2fb29
- SHA512: 0670220677d34d656b1055dff92ca44234e1e75e434dab9b4c55ced36dcda4da76e9023cecda2bbc2aa32dca2b7f4c50e1df8910cc9e56f2e2d9ffd164d14658
- SSDEEP: 1572864:jIVwGw8QkX/YZhf6a/XXe8MUQE3nsMHHiUyRLelUyRLelUyRLelUyRLelUyRLelo:jIVwGwOXgrf68X4UhsXj
Static task: static1
Behavioral task: behavioral1
- Sample: win_X64-telegram-TG-zwb5.09.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: win_X64-telegram-TG-zwb5.09.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Pre-OS Boot (1): Bootkit (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (1)
- Pre-OS Boot (1): Bootkit (1)