Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2025-03-02_e4bcc1d9c68720fad310d7a0c45d7fa4_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch
-
Size
23.2MB
-
Sample
250302-cpw4ps1sbs
-
MD5
e4bcc1d9c68720fad310d7a0c45d7fa4
-
SHA1
7c66a20f739b03398d5dd60ee46c128fa17e4465
-
SHA256
c45775f62ad17ad69909050f2d6140c45d7106de6578969456d3d4299c49cb91
-
SHA512
a2bc5991dd4a5c4575414ffe55b3d86b6ad928d7d873e604dfca7404013a2c5495fd3bac32465a31d5cfff2d0afb20fa80389e9c8c77e5b52e5c770f573a6cbb
-
SSDEEP
393216:jzKLuXX+4JPVrpyeU15rIPPhnUed1r9S3WadV:aLubJPVVo5riPPnra
Behavioral task
behavioral1
Sample
2025-03-02_e4bcc1d9c68720fad310d7a0c45d7fa4_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2025-03-02_e4bcc1d9c68720fad310d7a0c45d7fa4_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
2025-03-02_e4bcc1d9c68720fad310d7a0c45d7fa4_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch
-
Size
23.2MB
-
MD5
e4bcc1d9c68720fad310d7a0c45d7fa4
-
SHA1
7c66a20f739b03398d5dd60ee46c128fa17e4465
-
SHA256
c45775f62ad17ad69909050f2d6140c45d7106de6578969456d3d4299c49cb91
-
SHA512
a2bc5991dd4a5c4575414ffe55b3d86b6ad928d7d873e604dfca7404013a2c5495fd3bac32465a31d5cfff2d0afb20fa80389e9c8c77e5b52e5c770f573a6cbb
-
SSDEEP
393216:jzKLuXX+4JPVrpyeU15rIPPhnUed1r9S3WadV:aLubJPVVo5riPPnra
Score9/10-
Enumerates VirtualBox DLL files
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Xen via ACPI registry values (likely anti-VM)
-
Looks for Parallels drivers on disk.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VirtualBox drivers on disk
-
Looks for VirtualBox executables on disk
-
Looks for VMWare Tools registry key
-
Looks for VMWare drivers on disk
-
Looks for VMWare services registry key.
-
Looks for Xen service registry key.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
12