General
Target: a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd.exe
Size: 1.8MB
Sample: 240928-b4ebrssfqc
MD5: 3fba342adc9a795c9c5f64b00ce01b74
SHA1: 14378e009a4f05fe71df1600dd975d80201ec994
SHA256: a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd
SHA512: 2729e5ad7763677526d0088abd74406fced6ee7caec5c8774ded57a7528f413c62801ee59030b69cf55aa30b2644d481ebf0af117e9b7e7a36f961bf8c414e93
SSDEEP: 24576:K8Ddwv5HafrA7siBwe6uiRkf9tefcy3v0tD4bAXnd7TTv2Z+FNVhrz/TlUyz0jFp:K/FaEoiBXj1G3cZ4C2Y1hrllz0yqhSK
Static task: static1
Behavioral task: behavioral1
Sample: a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
save
http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger