General
- Target: d9d0abb631e66eb73f616afa490fa640b982e94f48bd625caa5852b87a309442.exe
- Size: 1.8MB
- Sample: 241001-b7739ayglh
- MD5: a48636d4112e0e59db4553623d563865
- SHA1: b141241b7908f645f085058ac2d6ec91a0fd4842
- SHA256: d9d0abb631e66eb73f616afa490fa640b982e94f48bd625caa5852b87a309442
- SHA512: 5a472079cfcb459816c3d1127ff46db401db3673b93a25aaf42937cf7b6d1472231e2b89bddcf9c4c1f767517c49a9214a07beac8c8e3bf36cf5c7938cb72e96
- SSDEEP: 49152:t7cpSd0oID8pD52LJoljOPnMtwsGQDJtaU6:t7cp7D8pAYOPnLT
Static task: static1
Behavioral task: behavioral1
- Sample: d9d0abb631e66eb73f616afa490fa640b982e94f48bd625caa5852b87a309442.exe
- Resource: win7-20240708-en
Malware Config
Extracted: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: d9d0abb631e66eb73f616afa490fa640b982e94f48bd625caa5852b87a309442.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger