General

  • Target: Bootstrapper.exe
  • Size: 3.5MB
  • Sample: 240930-ph62jsvdlj
  • MD5: 04c7a2ff19228353eb7767f267bf04c8
  • SHA1: c71c84cd6d037397138538af1f65a48623e791e2
  • SHA256: b3be2c71193c51251c00720bb597e931f6650f5484d0fea28500acfcf0c84291
  • SHA512: da31f0ea07ac32ee02d8514b10a0de39b2ac9f91f60f8106f9958c26876cd3341c12d51b663d3994f074f67a2d9e140fd4e8b69bde16139f487a477a42520443
  • SSDEEP: 98304:72AFpZr36YRzYP0XQ71xuNBk6IkRSe6eBuIXiHF1uraMfeJD:9hYP0g7ru7kroZ6eBuIXYF1zg

Malware Config

Targets

    • Target: Bootstrapper.exe
    • Size: 3.5MB
    • MD5: 04c7a2ff19228353eb7767f267bf04c8
    • SHA1: c71c84cd6d037397138538af1f65a48623e791e2
    • SHA256: b3be2c71193c51251c00720bb597e931f6650f5484d0fea28500acfcf0c84291
    • SHA512: da31f0ea07ac32ee02d8514b10a0de39b2ac9f91f60f8106f9958c26876cd3341c12d51b663d3994f074f67a2d9e140fd4e8b69bde16139f487a477a42520443
    • SSDEEP: 98304:72AFpZr36YRzYP0XQ71xuNBk6IkRSe6eBuIXiHF1uraMfeJD:9hYP0g7ru7kroZ6eBuIXYF1zg

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks