General

  • Target

    Nbvkrvfanxfmla.exe

  • Size

    899KB

  • Sample

    230531-kd9vesec21

  • MD5

    6afa6592e709e8a3bd291d579ee140b0

  • SHA1

    c45d7695612191c4630825759d1ee90efeb5f63c

  • SHA256

    ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66

  • SHA512

    bdfb0e2d89089f8ec019e8b23687de9d0bb9f45b6194631f73df6def6698058187071da0300502ea4df566e46b1f1b02244b1dc0bae0a7801090886f9d992c91

  • SSDEEP

    12288:H7uk7C8LDMu42r0Dyo6Te5rf1C7nh5YaGNr23ax56pw1MJf:HC52r0WorR4Dw23i+w1

Malware Config

Targets

    • Target

      Nbvkrvfanxfmla.exe

    • Size

      899KB

    • MD5

      6afa6592e709e8a3bd291d579ee140b0

    • SHA1

      c45d7695612191c4630825759d1ee90efeb5f63c

    • SHA256

      ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66

    • SHA512

      bdfb0e2d89089f8ec019e8b23687de9d0bb9f45b6194631f73df6def6698058187071da0300502ea4df566e46b1f1b02244b1dc0bae0a7801090886f9d992c91

    • SSDEEP

      12288:H7uk7C8LDMu42r0Dyo6Te5rf1C7nh5YaGNr23ax56pw1MJf:HC52r0WorR4Dw23i+w1

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (deciding whether to detonate based on the victim's locale).

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
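The behaviours listed above rarely mean much one at a time: a read of the country-code registry value is routine for benign software, and it only becomes interesting when the same process chain also drops and runs an EXE or writes a Run key. The following is an added detection example, not tria.ge code, that correlates those three signatures over constructed Sysmon-style events. The registry paths (`HKCU\Control Panel\International\Geo\Nation` for the GeoID lookup, `...\CurrentVersion\Run` for persistence) are my assumption about what the report's signatures match, and the event list, file paths and Run value name are constructed for the example.

```python
"""Added detection example (not tria.ge code): correlate the behaviours the
report lists for this sample over constructed Sysmon-style events, and only
escalate the weak single signal (a Geo\\Nation read) when the same process
chain also drops-and-runs an EXE or writes a Run key."""
import re
from collections import defaultdict

# Assumed registry patterns behind the report's signatures. The GeoID that a
# geofencing loader reads lives under HKCU\Control Panel\International\Geo\Nation.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed Sysmon-like events: (event_id, image, target). Event 1 = process
# create (target = parent image), 11 = file create, 12/13 = registry access.
SAMPLE_EVENTS = [
    (1, r"C:\Users\u\Desktop\Nbvkrvfanxfmla.exe", r"C:\Windows\explorer.exe"),
    (12, r"C:\Users\u\Desktop\Nbvkrvfanxfmla.exe",
     r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"),
    (11, r"C:\Users\u\Desktop\Nbvkrvfanxfmla.exe",
     r"C:\Users\Public\Libraries\Nbvkrvfanxfmla.exe"),
    (1, r"C:\Users\Public\Libraries\Nbvkrvfanxfmla.exe",
     r"C:\Users\u\Desktop\Nbvkrvfanxfmla.exe"),
    (13, r"C:\Users\Public\Libraries\Nbvkrvfanxfmla.exe",
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Nbvkrvfanxfmla"),
    # Benign noise: system processes read the GeoID routinely.
    (12, r"C:\Windows\System32\svchost.exe",
     r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"),
]


def correlate(events):
    """Map each image to the report-style behaviours seen for it and record
    parent links so behaviours can later be rolled up per process chain."""
    parent_of = {}
    dropped = set()
    behaviours = defaultdict(set)
    for eid, image, target in events:
        img, tgt = image.lower(), target.lower()
        if eid == 1:
            parent_of[img] = tgt
            if img in dropped:  # a file this log saw written is now running
                behaviours[tgt].add("executes_dropped_exe")
        elif eid == 11 and tgt.endswith(".exe"):
            dropped.add(tgt)
        elif eid in (12, 13) and GEO_KEY_RE.search(target):
            behaviours[img].add("checks_location")
        elif eid == 13 and RUN_KEY_RE.search(target):
            behaviours[img].add("run_key_persistence")
    return parent_of, behaviours


def chain_root(image, parent_of):
    """Walk parent links while the parent's own creation is in the log, so the
    dropped copy is attributed to the process that first ran the sample."""
    seen = set()
    while parent_of.get(image) in parent_of and image not in seen:
        seen.add(image)
        image = parent_of[image]
    return image


def chain_report(events):
    """Roll behaviours up to the chain root and attach a verdict: a Geo\\Nation
    read alone is a weak signal, so a chain is 'suspicious' only when it also
    shows dropped-EXE execution or Run-key persistence."""
    parent_of, behaviours = correlate(events)
    per_chain = defaultdict(set)
    for image, tags in behaviours.items():
        per_chain[chain_root(image, parent_of)] |= tags
    return {
        root: (sorted(tags), "suspicious" if len(tags) >= 2 else "weak_signal")
        for root, tags in per_chain.items()
    }


if __name__ == "__main__":
    for root, (tags, verdict) in chain_report(SAMPLE_EVENTS).items():
        print(f"{verdict:12} {root}  {', '.join(tags)}")
```

Run against the constructed events, the sample's chain (the Desktop copy plus the copy it dropped under Public\Libraries) collects all three behaviours and is flagged, while svchost.exe, which only read the GeoID, stays a weak signal. Keying on process lineage rather than on a single image path is what keeps the dropped second copy from being scored in isolation.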

MITRE ATT&CK Enterprise v6

Tasks