General

  • Target

    3834eba23e5c155db7d8ce3743b34644.exe

  • Size

    3.1MB

  • Sample

    241119-sazt2sslak

  • MD5

    3834eba23e5c155db7d8ce3743b34644

  • SHA1

    3858fd6a8101b2b2368c2daecdce40fd023c48ab

  • SHA256

    3e2b2c3013037c3e4dc0e398cd913d8c0abc6be1ea00049b550c207aeee38ca1

  • SHA512

    75b77971a3b21c536366c51f169e9e47b4e2bd184e87d7e3269868448d1bbe0344cf838cefc27520d374c4a81c334624e979f94943713864d98de7dae8db7ad0

  • SSDEEP

    49152:xbwCbZ7VgixIqt4PAl0N2d5vfKqFLkc2f+qLYTmCAySNR3qCGmdwaeO:xbwEhp4PAl/5KULkvf2SRaCGOwaH

Malware Config

Extracted

Family

xenorat

C2

96.126.118.61

Mutex

lokai_je_bruh_1337

Attributes

  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    Usermode Disk Driver Host

Targets

    • Target

      3834eba23e5c155db7d8ce3743b34644.exe

    • Size

      3.1MB

    • MD5

      3834eba23e5c155db7d8ce3743b34644

    • SHA1

      3858fd6a8101b2b2368c2daecdce40fd023c48ab

    • SHA256

      3e2b2c3013037c3e4dc0e398cd913d8c0abc6be1ea00049b550c207aeee38ca1

    • SHA512

      75b77971a3b21c536366c51f169e9e47b4e2bd184e87d7e3269868448d1bbe0344cf838cefc27520d374c4a81c334624e979f94943713864d98de7dae8db7ad0

    • SSDEEP

      49152:xbwCbZ7VgixIqt4PAl0N2d5vfKqFLkc2f+qLYTmCAySNR3qCGmdwaeO:xbwEhp4PAl/5KULkvf2SRaCGOwaH

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Xenorat family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks