General

- Target: 9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39.exe
- Size: 1.8MB
- Sample: 241018-cqzafs1cna
- MD5: b4b42d42e8416be5a8e8a82128fa5b7d
- SHA1: afaa0dab7641ef5398cfbdf46cc3acc5f1cf4c81
- SHA256: 9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39
- SHA512: 1d2a0a34c30444ab02081ef00388aea4eb8116d03d5945190f047b1dab6303950c6e7e49e6f536d746890fb43a2c55e248f5d757adee234437af16ac49974fe2
- SSDEEP: 49152:AwrTJ3mlwFh5zs6aAgui4TllbQ51wdg5M+RK3xtxl:AwrV3m+Ff0ARlr02g/Grxl
Static task: static1

Behavioral task: behavioral1
- Sample: 9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39.exe
- Resource: win7-20240903-en
Malware Config

Extracted
- Family: stealc
- Botnet: doma
- C2: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets

- Target: 9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39.exe (1.8MB; hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
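The three registry-based signatures above all boil down to a handful of well-known keys. The following PowerShell script is an added example, not part of the tria.ge report or the sample, that an analyst can run inside a Windows analysis VM to see which of those artifacts the guest exposes (and therefore what this sample would find). The ACPI and Wine key paths are the ones VirtualBox and Wine are known to create; the list of vendor marker strings is an assumption and not exhaustive. The NtSetInformationThread signature is an API-level behaviour with no registry footprint and is not covered here.

```powershell
# Added example: audit an analysis VM for the VirtualBox / BIOS / Wine registry
# artifacts that sandbox-evasion code typically checks. Not code from the sample.

$findings = @()

# 1. VirtualBox guests carry ACPI tables whose OEM ID subkey is named VBOX__
#    (HKLM\HARDWARE\ACPI\DSDT\VBOX__ and the same under FADT and RSDT).
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $path = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path $path) {
        Get-ChildItem $path -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'VBOX*' } |
            ForEach-Object { $findings += "ACPI $table OEM ID '$($_.PSChildName)' (VirtualBox)" }
    }
}

# 2. BIOS strings under HKLM\HARDWARE\DESCRIPTION\System. Hypervisors leave their
#    vendor name in these values; the marker list below is an assumed, partial set.
$bios    = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
$markers = 'VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN', 'VRTUAL'
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
    # SystemBiosVersion / VideoBiosVersion are REG_MULTI_SZ, so join the array
    $value = ($bios.$name -join ' ')
    foreach ($m in $markers) {
        if ($value -and $value.ToUpperInvariant().Contains($m)) {
            $findings += "$name contains '$m': $value"
        }
    }
}

# 3. Wine populates its emulated registry with a Software\Wine key.
foreach ($wine in 'HKCU:\Software\Wine', 'HKLM:\Software\Wine') {
    if (Test-Path $wine) { $findings += "Wine registry key present: $wine" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No VirtualBox / BIOS / Wine registry artifacts found'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

Run it from an elevated PowerShell prompt in the guest; on a stock VirtualBox VM it will report the VBOX__ ACPI keys and a SystemBiosVersion containing VBOX, which is exactly the evidence the anti-VM checks in this report look for, and the values a hardened sandbox should rewrite.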