General
Target: Lua injecter.exe
Size: 77.3MB
Sample: 240824-lbp8nsvfmm
MD5: 3d163fba432983dd77ce1d02614d90ee
SHA1: d389db83676de8fc535a1c1d1e7500fb578999aa
SHA256: 78a633fe1ffe2bca116a204c4443ce6e070d302c9070c3aff6fb03236c44d5ca
SHA512: 47513baa480f548639d6a06fd7b54981e9df900e2b679624fb38414a0576796dbb9ebc00e4d322aff9ac46c570f63089dd04592f4e6bf01e632380d12096e3c8
SSDEEP: 1572864:nvHcRlPSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW47jzux3a/Z9U:nvHcRxSkB05awcfhdCpukdRna49U
Behavioral task: behavioral1
Sample: Lua injecter.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: Lua injecter.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Lua injecter.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)