General
Target: Bootstrapper.exe
Size: 3.5MB
Sample: 240930-ph62jsvdlj
MD5: 04c7a2ff19228353eb7767f267bf04c8
SHA1: c71c84cd6d037397138538af1f65a48623e791e2
SHA256: b3be2c71193c51251c00720bb597e931f6650f5484d0fea28500acfcf0c84291
SHA512: da31f0ea07ac32ee02d8514b10a0de39b2ac9f91f60f8106f9958c26876cd3341c12d51b663d3994f074f67a2d9e140fd4e8b69bde16139f487a477a42520443
SSDEEP: 98304:72AFpZr36YRzYP0XQ71xuNBk6IkRSe6eBuIXiHF1uraMfeJD:9hYP0g7ru7kroZ6eBuIXYF1zg
Malware Config
Targets
Target: Bootstrapper.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger