Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3834eba23e5c155db7d8ce3743b34644.exe
-
Size
3.1MB
-
Sample
241119-sazt2sslak
-
MD5
3834eba23e5c155db7d8ce3743b34644
-
SHA1
3858fd6a8101b2b2368c2daecdce40fd023c48ab
-
SHA256
3e2b2c3013037c3e4dc0e398cd913d8c0abc6be1ea00049b550c207aeee38ca1
-
SHA512
75b77971a3b21c536366c51f169e9e47b4e2bd184e87d7e3269868448d1bbe0344cf838cefc27520d374c4a81c334624e979f94943713864d98de7dae8db7ad0
-
SSDEEP
49152:xbwCbZ7VgixIqt4PAl0N2d5vfKqFLkc2f+qLYTmCAySNR3qCGmdwaeO:xbwEhp4PAl/5KULkvf2SRaCGOwaH
Malware Config
Extracted
xenorat
96.126.118.61
lokai_je_bruh_1337
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
Usermode Disk Driver Host
Targets
-
-
Target
3834eba23e5c155db7d8ce3743b34644.exe
-
Size
3.1MB
-
MD5
3834eba23e5c155db7d8ce3743b34644
-
SHA1
3858fd6a8101b2b2368c2daecdce40fd023c48ab
-
SHA256
3e2b2c3013037c3e4dc0e398cd913d8c0abc6be1ea00049b550c207aeee38ca1
-
SHA512
75b77971a3b21c536366c51f169e9e47b4e2bd184e87d7e3269868448d1bbe0344cf838cefc27520d374c4a81c334624e979f94943713864d98de7dae8db7ad0
-
SSDEEP
49152:xbwCbZ7VgixIqt4PAl0N2d5vfKqFLkc2f+qLYTmCAySNR3qCGmdwaeO:xbwEhp4PAl/5KULkvf2SRaCGOwaH
Score10/10-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Xenorat family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-