General
- Target: 9e1cbccfd1be82339eb2e4fe18d3ace3
- Size: 641KB
- Sample: 220922-2dtlwagdan
- MD5: 9e1cbccfd1be82339eb2e4fe18d3ace3
- SHA1: cc29d48f2d610e4f894513ae997ea8e1b0933b71
- SHA256: afbd34b2cfe922d0eb40529d7c8b640a18ffe0e1c3b6c809960995f92c7b554f
- SHA512: fca655017feea4cbffd0ef832953701d25ac197a9c19a7ab3a6459c9eeccbc090ab288f0aeba91791b0c69b74343e5a178883c9ecff054c918844637c30f01b2
- SSDEEP: 12288:f2FwjL1HONSGytS6WyhVPvWalbKYRp1Y8C1Do3aA0+i:eajxus1tSbmWK5p1Y84Do3a0i
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Novy zoznam objednavok.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: Novy zoznam objednavok.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: xloader 2.5 euv4
Targets
- Target: Novy zoznam objednavok.exe
- Size: 914KB
- MD5: 57c242b8773d84a2bbbd0bce804fedbb
- SHA1: f5024d3caadb3753ee4ee6a2d86c9fee6529f73a
- SHA256: fe323cd5a46b973a6e0ade0cab099d0f929351820421393b29c2a63df6cdd527
- SHA512: e94af4b28b15ef6ee311958bd4cb428a736e90e3054409375e2d1749052610c8f3e9e10f91cdee6f3556040e396bc72e10b55b887fa5033fd5dd6c83ae8c1821
- SSDEEP: 12288:PcZI0RpZLWuz11zDo3A0eMqM1PyYiDuB6ZGK7jq8OMEI3c41RMCoqlkXWt9Nt1/Z:P4PZKkn8feMqMY3+6HyLwrbMr7c
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Xloader payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext