General

  • Target

    47c9d4bbb10a138cb8d126735b976f22.zip

  • Size

    2.3MB

  • Sample

    240901-gde39sshkm

  • MD5

    114e4113752665be0c8dd5ff07c00a65

  • SHA1

    48f6b7fc8a1453659fc95e4a9b201e551118f04e

  • SHA256

    2b1510cc90b56f53d3098f64477e3e6b34ecf9a90831df2db23d9d418b735a91

  • SHA512

    4a13c1e90715d19beaf486cc6f1dfb46b1afb49f622dc1c106c9553f4c2a360bc0e6a81197aaf353187afcfd2d1a20acc56fe3ceca17d0f5a52a494403017d24

  • SSDEEP

    49152:GgrS87z29/Sfj/rbXgOVZGl7Zra4YD7+GKQOxWBy3hFsFOMPmk58Ovf5L:I87z+qfDrbQOVZmZe1D7+7BrFsFDPH3N

Targets

    • Target

      d3c967ebe05bcd11c84a933670ecdc748a621ab5b3892c45c883c0d55ba556f3

    • Size

      2.3MB

    • MD5

      47c9d4bbb10a138cb8d126735b976f22

    • SHA1

      0ce89089004bb315f0f6934311d4a98678042e84

    • SHA256

      d3c967ebe05bcd11c84a933670ecdc748a621ab5b3892c45c883c0d55ba556f3

    • SHA512

      aef2f3af76887ebf736b21d43032e0edb59aaa40be608142abee9c165f2fb1ad47c66b8477f064293bd13080231a2309079a590d194fbac79a27994fff94b851

    • SSDEEP

      49152:8XJROhQi7Sn42IvWHSSwmBI7uAtN1po9xvCLJk03FczZ:850dW42ITWK7z/1C9L03F8

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled
