Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
msm.ex
-
Size
2.1MB
-
Sample
250226-2l36aav1e1
-
MD5
78d3152616dedb9801ce61015324ae8a
-
SHA1
e8a31f392db771e8ca7759c11de53519a48e0fc0
-
SHA256
98d8fec346fc1865dc8b620f74826f484fe9c0c705dc9d58c5f44df934a01208
-
SHA512
20ab9c27d1b1774859adf5304f10118e63c43db978d6d884aa1deb5c53b1884d5529350a3f0d8fd66b0d99dc19653c431d5f508b0ebc718783bd16083f52daf3
-
SSDEEP
49152:thZdDpYdeWcDjyKwqCj8IXNMm91ZkCWPZgA5zJ8cFPK3cQO7F3U:tXppYQsKEtahPe+
Malware Config
Targets
-
-
Target
msm.ex
-
Size
2.1MB
-
MD5
78d3152616dedb9801ce61015324ae8a
-
SHA1
e8a31f392db771e8ca7759c11de53519a48e0fc0
-
SHA256
98d8fec346fc1865dc8b620f74826f484fe9c0c705dc9d58c5f44df934a01208
-
SHA512
20ab9c27d1b1774859adf5304f10118e63c43db978d6d884aa1deb5c53b1884d5529350a3f0d8fd66b0d99dc19653c431d5f508b0ebc718783bd16083f52daf3
-
SSDEEP
49152:thZdDpYdeWcDjyKwqCj8IXNMm91ZkCWPZgA5zJ8cFPK3cQO7F3U:tXppYQsKEtahPe+
Score10/10-
DarkTrack
DarkTrack is a remote administration tool written in delphi.
-
DarkTrack payload
-
Darktrack family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-