Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Novy zozna...ok.exe

windows7-x64

10

Novy zozna...ok.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e1cbccfd1be82339eb2e4fe18d3ace3

  • Size

    641KB

  • Sample

    220922-2dtlwagdan

  • MD5

    9e1cbccfd1be82339eb2e4fe18d3ace3

  • SHA1

    cc29d48f2d610e4f894513ae997ea8e1b0933b71

  • SHA256

    afbd34b2cfe922d0eb40529d7c8b640a18ffe0e1c3b6c809960995f92c7b554f

  • SHA512

    fca655017feea4cbffd0ef832953701d25ac197a9c19a7ab3a6459c9eeccbc090ab288f0aeba91791b0c69b74343e5a178883c9ecff054c918844637c30f01b2

  • SSDEEP

    12288:f2FwjL1HONSGytS6WyhVPvWalbKYRp1Y8C1Do3aA0+i:eajxus1tSbmWK5p1Y84Do3a0i

Score
10/10
modiloaderxloadereuv4loaderpersistencerattrojan

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

    • Target

      Novy zoznam objednavok.exe

    • Size

      914KB

    • MD5

      57c242b8773d84a2bbbd0bce804fedbb

    • SHA1

      f5024d3caadb3753ee4ee6a2d86c9fee6529f73a

    • SHA256

      fe323cd5a46b973a6e0ade0cab099d0f929351820421393b29c2a63df6cdd527

    • SHA512

      e94af4b28b15ef6ee311958bd4cb428a736e90e3054409375e2d1749052610c8f3e9e10f91cdee6f3556040e396bc72e10b55b887fa5033fd5dd6c83ae8c1821

    • SSDEEP

      12288:PcZI0RpZLWuz11zDo3A0eMqM1PyYiDuB6ZGK7jq8OMEI3c41RMCoqlkXWt9Nt1/Z:P4PZKkn8feMqMY3+6HyLwrbMr7c

    Score
    10/10
    modiloadertrojanxloadereuv4loaderpersistencerat

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • ModiLoader Second Stage

    • Xloader payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks