General

  • Target

    9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e

  • Size

    388KB

  • Sample

    221206-ktq29afa2x

  • MD5

    c7c3b1dfc231e192d1886d682ff941ca

  • SHA1

    6b3e0ad82026e25bd60a9b71fef5b67396696320

  • SHA256

    9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e

  • SHA512

    f930640e2acc12aba970f8ab56a87f1ab613569d1d3a0c24b2f4c5265533edffc795a5614f821ec9d7406f5905fef6c5878997e2aa43234a09d18a3b5864fe08

  • SSDEEP

    6144:7bOAmC045lY0Z79BZb4SCnG35g6N0QJpvJGEGOKPbXl9X0J0qOxl4FBBb86:RmC08W+9BZb3p32qX3v4EAVGeJ4Fd

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies WinLogon for persistence

    • ModiLoader Second Stage

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks