General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241017-vqf3zswcqg
-
MD5
52da2906c78bc9840cf933c8bcbf351a
-
SHA1
92df58073f14470dc06759af4fec2e9f4c8204ce
-
SHA256
dcb3603ec608359cad55552387cd857560e3bf9a3b0f0a9b94cc02f569ba314d
-
SHA512
aa7e4015715e154702a74c4b54ce6a477ae4e5c7281022c7aae00e284079c3b5606098125da1895de7b873b5b7ea07fda2988c2e1f9d5731cce8993851db4da9
-
SSDEEP
49152:c2G2GqZJgjovG8BQmVswkY/aqhxnSWp3Fw0d4VPMCsve:M2JKovsKakFSkmNPB4e
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
file.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-