General

  • Target

    AMZ GEN.rar

  • Size

    34.3MB

  • Sample

    241014-erc5qasflp

  • MD5

    be6d35edb30f5e8a170f56187fce98b3

  • SHA1

    3a80f615ccb6b93574d9c51055c43799e449c090

  • SHA256

    9549140353c2edca02962aecc735736797ff78e80445550578f808502d675bf4

  • SHA512

    bd5414d5d797ea012a4fb90fade12f7458507738a1d9f2c029af01c96d1cacbb48760bde6f2eecf6fb83f0601ba4d08f5c900d19bc141d35a2493e6b83839ea7

  • SSDEEP

    786432:6Oqgz94RjuFdJ9mdCEcPgYKjyHlPu/V5/Da8zVS0dpIvHlnt:6OrziRCBEMJKyQ5DvzVSaWvNt

Malware Config

Targets

    • Target

      AMZ SC GEN $25.exe

    • Size

      35.6MB

    • MD5

      90737d2d040d5f244d12c913e16d4b32

    • SHA1

      7ace76c649f3a090d5a9644dee3895244931bc2c

    • SHA256

      18763a42771ed4900a3a69b9899f5f799c59af502e4461a0635ccf03b95b42ab

    • SHA512

      cf95b23f69f83b3357ea763ae754b3cc23e43c6b7d4343aa85cf1b3527fcc4f7db83bc88f802c592ac78fb641bfcf04a14060185a527abc1ff7a005081327260

    • SSDEEP

      786432:nZPjrgPQ11QtI12j6+s7LWB75zuXVgGCuAszi0iZDxWALw4t2:Zf8QiI12qHWB75il+ZssDF0

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks