General

  • Target: bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a
  • Size: 2.0MB
  • Sample: 221205-x5f3mscb2v
  • MD5: 0fc1730798351bcc6102a58d5ad28d20
  • SHA1: 84a4a98b2a3a6ccc20a166931aee142f9a2782ff
  • SHA256: bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a
  • SHA512: 85729ffd9620b088ccebc718038349d3416d403a418221f6ed9f956abaae726e6f55b9970515f237378b9372819238b94147107ecb40ae825e442e4a5c165a53
  • SSDEEP: 49152:L1x3N14teon5SixbqYtgNxqGWljQsLlfrB8/tjU:Jxz4teonIixbqY6x2jnfrBUjU

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks