Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
03/08/2024, 03:28
240803-d1et8swfre 9General
-
Target
Bootstrapper.exe
-
Size
795KB
-
Sample
240803-d1et8swfre
-
MD5
365971e549352a15e150b60294ec2e57
-
SHA1
2932242b427e81b1b4ac8c11fb17793eae0939f7
-
SHA256
faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42
-
SHA512
f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938
-
SSDEEP
12288:GYa9sBhIBdCdbX1USoeQDj/VNpA+dZIznBpGTEy:Pa98hIBdjSoeQDj/VNpZdZIznBpg
Static task
static1
Malware Config
Targets
-
-
Target
Bootstrapper.exe
-
Size
795KB
-
MD5
365971e549352a15e150b60294ec2e57
-
SHA1
2932242b427e81b1b4ac8c11fb17793eae0939f7
-
SHA256
faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42
-
SHA512
f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938
-
SSDEEP
12288:GYa9sBhIBdCdbX1USoeQDj/VNpA+dZIznBpGTEy:Pa98hIBdjSoeQDj/VNpZdZIznBpg
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Discovery
Browser Information Discovery
1Network Share Discovery
1Peripheral Device Discovery
1Query Registry
4System Information Discovery
5System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Virtualization/Sandbox Evasion
1