General
-
Target
Magic.exe
-
Size
5.4MB
-
Sample
240821-ctwzhazakn
-
MD5
632261a647d176fab4179afca83a6751
-
SHA1
22d032ffa9a12737c78437582e833beb644230e1
-
SHA256
e4ba2c8e5ede2d6bbc3a9009a4c588ebbe8a1381cc2e3286ae36a1a87eb3241b
-
SHA512
6e50432682a6fe3b9e5039ccc0776193f464bd1605974f946431b477d2dad9a267019df38d65a7cd5282f4933c0fb76dad6b33923b08ca76d28d3e8925f84f87
-
SSDEEP
98304:azz8zUAYRMhX8yJwO+H5S1//wvZWMoniz3SM0fcEQkouKMRXjDNUBT0D8l:c8zUAKMJlJT+H0VovT34cEgMJDkTo2
Malware Config
Targets
-
-
Target
Magic.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-