General
-
Target
18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656
-
Size
1.8MB
-
Sample
250107-n471asznf1
-
MD5
470bf2ba833f097089f37e78c3df7f08
-
SHA1
de37ca21bdcc7f00edcdba89be290d32bea02c28
-
SHA256
18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656
-
SHA512
528613da731aaf565693da64a3a220886d1c5b958b44b72e7afb822735899ca4dcc9ab237581c0d9245fe3a5abbdf5c8db44825f2c4fe77aa488cd8a09f806de
-
SSDEEP
49152:rivEF0DLLjhBnEMMKMHhvGCynu3CSLkL:rivBLLnEMMKMBvGCynu3CSY
Static task
static1
Behavioral task
behavioral1
Sample
18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
brat
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
Target
18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger