General
Target: 1YPQZ_file.exe
Size: 1.7MB
Sample: 241014-qh36bsxbnb
MD5: 9e3d0de4343652353b07267361f520ea
SHA1: 9a9a89627db72493bae3ee93147d939e23619a74
SHA256: a54efb68df3b1a8efca221079a0feb4f0726becb209b062e9eb832c36bd18393
SHA512: 1b236354452848a243a0087e56ebf67c117beefa66ab3bd1cdafc7758b2b5190162f2588ff16f4d7f4ac143b4e290d13089b69bb75f88094aa607701c7597413
SSDEEP: 49152:JYchSrfptMpJHAeq1b4HddPKUtwgAzMnQCKQCvf:HSrfoHAe1wgQwQ3f
Static task: static1
Behavioral task: behavioral1
Sample: 1YPQZ_file.exe
Resource: win7-20240903-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: 1YPQZ_file.exe (size 1.7MB; MD5/SHA1/SHA256/SHA512/SSDEEP hashes identical to those listed under General)
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger