General

  • Target

    9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f

  • Size

    1.1MB

  • Sample

    221206-tzkl4agg3s

  • MD5

    e0ddbb692436904c906cb1efbaddff07

  • SHA1

    202674f003cc2a262a9f02521464084ce3a3177f

  • SHA256

    9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f

  • SHA512

    fbdd7bd21acd2e7ca7a3bff24adcc48b578e77bc4c7cf10c3a575bf53d70ec2b57b4ba82a56177cf15ff1a938a25640addd11edd030cc7d4c25be16929b800a7

  • SSDEEP

    24576:fyP6j4ZCJ55Y3jVWdMB1hT96LQNWsJzvOUNMTJB0wA1TJez0:qkOzVNBDJ6LQVxoM1F

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.freehostia.com
  • Port:
    21
  • Username:
    gognov
  • Password:
    8525825
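The credentials above are the actionable part of this report: the sample authenticates to an FTP account on ftp.freehostia.com, a shared free-hosting service, so the hostname alone is a weak indicator while the username is specific to this operator. The block below is an added example (not tria.ge code and not derived from the sample) that parses the Credentials block as shown on this page, builds a Suricata rule keyed on the FTP USER command rather than the host, and scores lines of an FTP command log against the extracted values. The log format, the client IPs (RFC 5737 ranges), the rule sid and the function names are assumptions made for the example. The recovered password is deliberately not used anywhere: logging in to the attacker's account with it is unauthorized access, not analysis.

```python
"""Turn the FTP credentials extracted from this ModiLoader sample into hunting
artifacts and run them over an FTP command log.  Added example, not tria.ge
code.  Log format, IPs and the Suricata sid are constructed assumptions."""

import re

# Copy of the "Extracted / Credentials" block of this report, as the page shows it.
EXTRACTED_CONFIG = """\
Protocol:
ftp
Host:
ftp.freehostia.com
Port:
21
Username:
gognov
Password:
8525825
"""

# Constructed FTP command log (hypothetical format, one FTP command per line):
# <timestamp> <client-ip> <server-host>:<port> <command> <argument>
SAMPLE_FTP_LOG = """\
2022-12-06T14:32:10Z 192.0.2.23 ftp.freehostia.com:21 USER gognov
2022-12-06T14:32:10Z 192.0.2.23 ftp.freehostia.com:21 PASS ********
2022-12-06T14:32:11Z 192.0.2.23 ftp.freehostia.com:21 STOR 2022-12-06.txt
2022-12-06T15:01:44Z 192.0.2.40 ftp.freehostia.com:21 USER marketing_site
2022-12-06T15:07:02Z 192.0.2.51 ftp.example.net:21 USER gognov
2022-12-06T15:09:30Z 192.0.2.60 files.example.org:21 USER alice
"""


def parse_credentials(block: str) -> dict:
    """Parse a tria.ge 'Credentials' block (alternating 'Key:' / value lines)."""
    creds, key = {}, None
    for line in (ln.strip() for ln in block.splitlines()):
        if not line:
            continue
        if line.endswith(":"):
            key = line[:-1].lower()
        elif key is not None:
            creds[key] = line
            key = None
    if "port" in creds:
        creds["port"] = int(creds["port"])
    return creds


def suricata_rule(creds: dict, sid: int = 1000001) -> str:
    """Build a Suricata rule keyed on the FTP USER command, not on the host:
    the host is shared hosting, so matching it alone would fire on legitimate
    traffic.  sid is a placeholder in the local (1000000+) range."""
    return (
        f"alert tcp $HOME_NET any -> $EXTERNAL_NET {creds['port']} "
        f'(msg:"ModiLoader FTP login with extracted account {creds["username"]}"; '
        f'flow:to_server,established; content:"USER {creds["username"]}"; nocase; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<server>[^:\s]+):(?P<port>\d+) (?P<cmd>\S+) ?(?P<arg>.*)$"
)


def match_ftp_log(log_text: str, creds: dict) -> list:
    """Score every FTP USER line against the extracted config.

    high   : extracted host and username both match (the sample's own session)
    medium : username matches on another server (operator reusing the account)
    low    : only the shared-hosting server matches (needs manual triage)
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["cmd"].upper() != "USER":
            continue
        host_hit = (m["server"].lower() == creds["host"].lower()
                    and int(m["port"]) == creds["port"])
        user_hit = m["arg"] == creds["username"]
        if host_hit and user_hit:
            confidence = "high"
        elif user_hit:
            confidence = "medium"
        elif host_hit:
            confidence = "low"
        else:
            continue
        hits.append({"ts": m["ts"], "client": m["client"], "server": m["server"],
                     "user": m["arg"], "confidence": confidence})
    return hits


if __name__ == "__main__":
    cfg = parse_credentials(EXTRACTED_CONFIG)
    print(suricata_rule(cfg))
    for hit in match_ftp_log(SAMPLE_FTP_LOG, cfg):
        print(f"{hit['confidence']:6} {hit['ts']} {hit['client']} -> "
              f"{hit['server']} USER {hit['user']}")
```

On the constructed log the first line scores high (the sample's own upload session, followed by a STOR), the marketing_site login to the same shared host scores low, and the reuse of gognov on a different server scores medium; alice on an unrelated host is ignored. The three-tier scoring is the point: on shared infrastructure, confidence should come from the operator-specific value (the account name), with the host acting only as corroboration.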

Targets

    • Target

      9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f

    • Size

      1.1MB

    • MD5

      e0ddbb692436904c906cb1efbaddff07

    • SHA1

      202674f003cc2a262a9f02521464084ce3a3177f

    • SHA256

      9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f

    • SHA512

      fbdd7bd21acd2e7ca7a3bff24adcc48b578e77bc4c7cf10c3a575bf53d70ec2b57b4ba82a56177cf15ff1a938a25640addd11edd030cc7d4c25be16929b800a7

    • SSDEEP

      24576:fyP6j4ZCJ55Y3jVWdMB1hT96LQNWsJzvOUNMTJB0wA1TJez0:qkOzVNBDJ6LQVxoM1F

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses legitimate cloud and file-hosting services to download other malware families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks