General

  • Target

    Zukigiunlocker.exe

  • Size

    9.3MB

  • Sample

    240928-rk5bvasfma

  • MD5

    483c79ecb7978584e4a025d801aa27e2

  • SHA1

    50394f5b488ec1f045f8eedbbe38d1222d5eb6f5

  • SHA256

    9d1f327a29485d68c0c288e449c0e3bd2634b78dac886775b84912c220e85c06

  • SHA512

    f7c8a884f23ec42a25551e874fa7568e7aa0e074b7816d42a585d37ea11a2883a9cf19fb82552a40446daafebad26be56ddc03223de27ad8b1f72a20fcfe1718

  • SSDEEP

    196608:iKIOsVbOk+0rasQ64lhPgh9QpxeQlEorvAI5YDTi8J4yn4:oxxOH0rVf4LPgXforYISiE4j

Score
9/10

Malware Config

Targets

    • Target

      Zukigiunlocker.exe

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks