General
Target: 5202f99baf32bd7c0df659637b99cfbd53f7bd3d171ecf61529fec4daf7e71b4N
Size: 1.8MB
Sample: 240927-psvq9ssglj
MD5: d373b4b79df48249752714876f9ca220
SHA1: b3a700f70e22287aed6a8e218ff239b77a70b461
SHA256: 5202f99baf32bd7c0df659637b99cfbd53f7bd3d171ecf61529fec4daf7e71b4
SHA512: 3f240ee9a05180166d445ab4aeb6be8aec6e27116a7576688bcef0dd5dec0cab483283040bb2d6015e9e537226cbac6a5e151d18efe638dfbc03109c288e246a
SSDEEP: 49152:6wRBGfPzvA9Id6hSmZVsQvsW77p0q2zHnz16:qzo9Id6hSUVvVPpb2zHnz1
Static task: static1
Behavioral task: behavioral1
Sample: 5202f99baf32bd7c0df659637b99cfbd53f7bd3d171ecf61529fec4daf7e71b4N.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
save
http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger