General
-
Target
8bd2fe3bf67175888109452fcba5b14151bf154dc25cab07bf487ddc1d937a8d.exe
-
Size
1.8MB
-
Sample
241018-cls8ms1akg
-
MD5
ed823bab1a8201defe80d7094f95e702
-
SHA1
461970cacf03630f80febe66222142c5d8874fba
-
SHA256
8bd2fe3bf67175888109452fcba5b14151bf154dc25cab07bf487ddc1d937a8d
-
SHA512
3087a40234157878e4f4c7e52bd4998491047dbdcd16b63e7b1ffa98ecadd566582491be3740a4f27b4f04939f800748e54e5e16803dd07fed62a0b124ac260f
-
SSDEEP
49152:v6zdhl0Y4w5/cwZvoSfAvmGCQycpA8ToygAgNGkI5jZ:vEdhSw5/cwZoN1Pycpjgnm
Static task
static1
Behavioral task
behavioral1
Sample
8bd2fe3bf67175888109452fcba5b14151bf154dc25cab07bf487ddc1d937a8d.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
8bd2fe3bf67175888109452fcba5b14151bf154dc25cab07bf487ddc1d937a8d.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-