Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

257a6e3e23...08.exe

windows7-x64

10

257a6e3e23...08.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    257a6e3e23b664815f636174af3e27202d075e004c8ce361687408544aa9d808

  • Size

    807KB

  • Sample

    221107-ymfjtsfaf7

  • MD5

    04574e7a8491826089cf54aea7f6e011

  • SHA1

    00c07bb3ae260b15cb24fa43c199d3e8d132e546

  • SHA256

    257a6e3e23b664815f636174af3e27202d075e004c8ce361687408544aa9d808

  • SHA512

    e01119b200640006462a289f45c2f7a5721dfbfec4b80f49eba6cb92f19ff9ad2d9af22045c36275662ef41873c513f13b1696b0247b34233a1f19ff254d26cf

  • SSDEEP

    24576:FYkjlCgR+tmbs1t9qgYohxfloUZhjaoJKwbgy:FYsChtmMKcoUvPJKwbgy

Score
10/10
modiloaderponydiscoveryevasionpersistenceratspywarestealertrojanupx

Malware Config

Targets

    • Target

      257a6e3e23b664815f636174af3e27202d075e004c8ce361687408544aa9d808

    • Size

      807KB

    • MD5

      04574e7a8491826089cf54aea7f6e011

    • SHA1

      00c07bb3ae260b15cb24fa43c199d3e8d132e546

    • SHA256

      257a6e3e23b664815f636174af3e27202d075e004c8ce361687408544aa9d808

    • SHA512

      e01119b200640006462a289f45c2f7a5721dfbfec4b80f49eba6cb92f19ff9ad2d9af22045c36275662ef41873c513f13b1696b0247b34233a1f19ff254d26cf

    • SSDEEP

      24576:FYkjlCgR+tmbs1t9qgYohxfloUZhjaoJKwbgy:FYsChtmMKcoUvPJKwbgy

    Score
    10/10
    modiloaderponydiscoveryevasionpersistenceratspywarestealertrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modifies security service

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • ModiLoader Second Stage

    • Disables taskbar notifications via registry modification

      evasion

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks