General
Target: 7980226125.zip
Size: 451KB
Sample: 220907-2bc64saddq
MD5: 38a12d2c488eeebaed0f30a0fdddffeb
SHA1: 5629c34b7a782965f92b3bc598907901e0fd31a3
SHA256: 6af07885c117845bc153bb846c14f6a0694d86d488458a1d8c1f7d93675aaadf
SHA512: a637e399f82765dcedefcc3056bfe5e6838b06302536cb0f3c38900812ea361e51e696b8f2c6600fe13c54e4ae6b8ad54e91a46c796436da4c6b0cd29cc2fe36
SSDEEP: 12288:4wjv7ztCNgRLZ6ocO+oA3vxh7lBOJZajp7rvV8tGfd8:tTygT/uvxpukhMGfC
Static task: static1
Behavioral task behavioral1: Dospjela faktura.exe on win7-20220812-en
Behavioral task behavioral2: Dospjela faktura.exe on win10v2004-20220901-en
Malware Config
Extracted: xloader
Version: 2.5
Campaign: euv4
Domains:
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
oprimanumerodos.com
launchclik.com
customapronsnow.com
thecuratedpour.com
20dzwww.com
encludemedia.com
kreativevisibility.net
mehfeels.com
oecmgroup.com
alert78.info
1207rossmoyne.com
spbutoto.com
t1uba.com
protection-onepa.com
byausorsm26-plala.xyz
bestpleasure4u.com
allmnlenem.quest
mobilpartes.com
fabio.tools
bubu3cin.com
nathanmartinez.digital
shristiprintingplaces.com
silkyflawless.com
berylgrote.top
laidbackfurniture.store
leatherman-neal.com
uschargeport.com
the-pumps.com
deepootech.com
drimev.com
seo-art.agency
jasabacklinkweb20.com
tracynicolalamond.com
dandtglaziers.com
vulacils.com
bendyourtongue.com
gulfund.com
ahmadfaizlajis.com
595531.com
metavillagehub.com
librairie-adrienne.com
77777.store
gongwenbo.com
game2plays.com
rematedeldia.com
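The extracted XLoader configuration above is a flat list once the report is exported as text. An analyst usually wants it back in structured form, with the domains normalized and deduplicated before they go into a blocklist. The following is an added example, not code from tria.ge or from this report; it assumes the flattened block lists family, version and campaign ID on three lines followed by one domain per line, which is the layout shown above. The sample input is a constructed excerpt of the list with a trailing dot, mixed case, a duplicate and a junk line added to exercise the normalization.

```python
"""Parse a tria.ge-style "Malware Config / Extracted" block into normalized IOCs.

Added example, not part of the tria.ge report. Assumption: the flattened block
lists family, version and campaign ID on three lines, followed by one domain
per line, which is how the page lays it out.
"""
import json
import re

# Constructed input mirroring the page's layout. Only a few domains from the
# list are included; the mixed case, trailing dot, duplicate and junk line are
# added deliberately to exercise normalization.
SAMPLE_CONFIG = """
Malware Config
Extracted
xloader
2.5
euv4
anniebapartments.com
hagenbicycles.com
Herbalist101.com.
southerncorrosion.net
hagenbicycles.com
not a domain!
"""

# One DNS label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_domain(raw):
    """Lower-case, strip a trailing dot, and reject anything that is not a
    syntactically valid hostname with at least two labels."""
    domain = raw.strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        return None
    return domain


def parse_extracted_block(text):
    """Return family, version, campaign ID and a deduplicated, order-preserving
    list of domains; lines that fail normalization are kept under 'rejected'."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if "Extracted" not in lines:
        raise ValueError("no 'Extracted' block in input")
    body = lines[lines.index("Extracted") + 1:]
    if len(body) < 3:
        raise ValueError("Extracted block is missing family/version/campaign")
    family, version, campaign = body[:3]
    domains, rejected, seen = [], [], set()
    for raw in body[3:]:
        domain = normalize_domain(raw)
        if domain is None:
            rejected.append(raw)
        elif domain not in seen:
            seen.add(domain)
            domains.append(domain)
    return {
        "family": family,
        "version": version,
        "campaign_id": campaign,
        "domains": domains,
        "rejected": rejected,
    }


def to_dns_blocklist(config):
    """Render the domains as comment-tagged lines for a DNS blocklist, so the
    provenance (family, version, campaign) travels with each indicator."""
    tag = f"{config['family']}/{config['version']}/{config['campaign_id']}"
    return [f"{domain}  # {tag}" for domain in sorted(config["domains"])]


if __name__ == "__main__":
    cfg = parse_extracted_block(SAMPLE_CONFIG)
    print(json.dumps(cfg, indent=2))
    print("\n".join(to_dns_blocklist(cfg)))
```

One caveat when using the output: XLoader, like FormBook before it, embeds a list of domains of which only one per sample is the live C2 and the rest are decoys the bot also contacts. Treat the list as a network signature for this campaign rather than as sixty-odd confirmed malicious infrastructure owners; several of the names are legitimate sites.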
Targets
Target: Dospjela faktura.exe
Size: 885KB
MD5: e128d5970cc2d13408916706d4191d55
SHA1: 3405ca7211ed488ee29143783cc98ff91c78efb2
SHA256: f7dfefe374452d90bc99631bdd38de65f37ff3aefabaeb525aa2b3d97c6680b5
SHA512: f0d4424a75512e95d7934e8c643ac7807fec678e72c4593c62afc90fd22f9220462b27c1f0a23d27c2c0e4c80b17c15c334782c4aa1ebb7b951316b906584e56
SSDEEP: 12288:+dvSgikKHSXrFGZ/1nPaPih+gTiwCAI5T7grmN7vwui44YXas4E+Jymf7fv:+dkDSXrAzaNaizeaNydYXas4E+Dv
Score: 10/10
Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Xloader payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
- Suspicious use of SetThreadContext
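Of the behaviours above, the Run-key write is the one that leaves a durable, cheaply collectable trace on an endpoint: Sysmon Event ID 13 (RegistryEvent, value set) records the writing image, the target value and the data written. The geofence lookup is a registry read, which Sysmon does not log, and the SetThreadContext call (the usual tell for process hollowing) needs process-level telemetry, so both are effectively sandbox-side observations. The block below is an added example, not part of the tria.ge report; it runs a Run-key persistence rule over constructed JSON records in the shape a log shipper typically emits for Sysmon Event ID 13. The value name and paths are illustrative and not taken from the report, and the severity split (autostart pointing into a user-writable directory versus Program Files) is this example's own heuristic.

```python
"""Flag Run-key persistence from Sysmon registry events (Event ID 13, value set).

Added example, not part of the tria.ge report. The events below are
constructed records in the shape a log shipper typically emits for Sysmon
Event ID 13 (Image, TargetObject, Details); names and paths are illustrative.
"""
import re

# A value directly under these keys runs at logon. The leading backslash means
# HKLM\SOFTWARE\Wow6432Node\Microsoft\... (32-bit loader on 64-bit Windows)
# matches as well as the native HKLM and per-user HKU paths.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:RunOnce|Run)\\[^\\]+$", re.I
)
# Locations an unprivileged process can write to; an autostart pointing here
# is far more suspicious than one pointing into Program Files (heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|Users\\Public|ProgramData)\\", re.I
)

# Constructed sample events: a loader persisting itself from AppData, an
# installer registering a tray app, an unrelated Explorer setting, and a
# non-registry event that the classifier must ignore.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\Admin\Desktop\Dospjela faktura.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Admin\AppData\Roaming\Updater\Updater.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe --minimized"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "TargetObject": "", "Details": ""},
]


def classify_registry_event(event):
    """Return a finding for a Run-key value set, or None if the event is not one."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    details = event.get("Details", "")
    severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
    key, _, value_name = target.rpartition("\\")
    return {
        "severity": severity,
        "key": key,
        "value_name": value_name,
        "writer": event.get("Image", ""),
        "command": details,
    }


def hunt_run_keys(events):
    """Apply the classifier to an event stream and keep only the findings."""
    return [finding for finding in map(classify_registry_event, events) if finding]


if __name__ == "__main__":
    for finding in hunt_run_keys(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['writer']} set "
              f"{finding['value_name']} -> {finding['command']}")
```

In production the medium-severity hits (installers writing HKLM Run from Program Files) are the noise floor; the high-severity pattern, a value written by a process launched from a user profile that points back into AppData, Temp or ProgramData, is the one worth alerting on and matches how loaders such as the one in this report typically persist.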