General
- Target: 9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f
- Size: 1.1MB
- Sample: 221206-tzkl4agg3s
- MD5: e0ddbb692436904c906cb1efbaddff07
- SHA1: 202674f003cc2a262a9f02521464084ce3a3177f
- SHA256: 9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f
- SHA512: fbdd7bd21acd2e7ca7a3bff24adcc48b578e77bc4c7cf10c3a575bf53d70ec2b57b4ba82a56177cf15ff1a938a25640addd11edd030cc7d4c25be16929b800a7
- SSDEEP: 24576:fyP6j4ZCJ55Y3jVWdMB1hT96LQNWsJzvOUNMTJB0wA1TJez0:qkOzVNBDJ6LQVxoM1F
Static task: static1
Behavioral task: behavioral1
- Sample: 9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.freehostia.com
- Port: 21
- Username: gognov
- Password: 8525825
Targets
- Target: 9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f
- Size: 1.1MB
- MD5: e0ddbb692436904c906cb1efbaddff07
- SHA1: 202674f003cc2a262a9f02521464084ce3a3177f
- SHA256: 9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f
- SHA512: fbdd7bd21acd2e7ca7a3bff24adcc48b578e77bc4c7cf10c3a575bf53d70ec2b57b4ba82a56177cf15ff1a938a25640addd11edd030cc7d4c25be16929b800a7
- SSDEEP: 24576:fyP6j4ZCJ55Y3jVWdMB1hT96LQNWsJzvOUNMTJB0wA1TJez0:qkOzVNBDJ6LQVxoM1F
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
-