Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: file.exe
Size: 1.7MB
Sample: 240912-bjxydatbqh
MD5: 582c09e30698672fd833e6e6c0dc506e
SHA1: 37dafeb7ea62e155ff3f2d47f84011b24ef8ba2b
SHA256: 99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af
SHA512: 495525e62560e397c0bef9c7f17358c08547c34930e772c8e59476ec50b7196eac28a0cbba83d0d90ebcc4282e210e0d140292cf4bfd52262cba45e2a9d6a1c9
SSDEEP: 49152:31U0cR91UH/HfSve4TthkZ71pGjYgvsiX+xmc5Q:FUXR91UH/KvXTPkDYc+sQl
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: file.exe
Size: 1.7MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger