Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fd163fd39079c61bd16fc6d78e653289400443b771e28b0b15c8bb0e9ca38506

  • Size

    235KB

  • Sample

    221020-lqrp2sgacn

  • MD5

    5fcdf5c35a7cbe6a59524c1f0f328cfb

  • SHA1

    a37be0a5af9e81ff97aaddad0c346dd80eb76b18

  • SHA256

    fd163fd39079c61bd16fc6d78e653289400443b771e28b0b15c8bb0e9ca38506

  • SHA512

    fa7c3d348326cb62264b252a78bea14b8c23ecd1d4a2574e7893b5212bbc9a1b9e8aa67f2a39c08b6a618459d59a57034031cf21bc3ffb4ffe0e751985998014

  • SSDEEP

    3072:3Gvo6giwpW9DGD2VdKvY/gIg/CtTIuOmxkiozXgeXdHwTBf4Wgczc+0ieoM:3G377xS2Vp2CeiorXdwTBgWx4D

Malware Config

Targets

    • Target

      fd163fd39079c61bd16fc6d78e653289400443b771e28b0b15c8bb0e9ca38506

    • Size

      235KB

    • MD5

      5fcdf5c35a7cbe6a59524c1f0f328cfb

    • SHA1

      a37be0a5af9e81ff97aaddad0c346dd80eb76b18

    • SHA256

      fd163fd39079c61bd16fc6d78e653289400443b771e28b0b15c8bb0e9ca38506

    • SHA512

      fa7c3d348326cb62264b252a78bea14b8c23ecd1d4a2574e7893b5212bbc9a1b9e8aa67f2a39c08b6a618459d59a57034031cf21bc3ffb4ffe0e751985998014

    • SSDEEP

      3072:3Gvo6giwpW9DGD2VdKvY/gIg/CtTIuOmxkiozXgeXdHwTBf4Wgczc+0ieoM:3G377xS2Vp2CeiorXdwTBgWx4D

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks