Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Nbvkrvfanxfmla.exe
-
Size
899KB
-
Sample
230531-kd9vesec21
-
MD5
6afa6592e709e8a3bd291d579ee140b0
-
SHA1
c45d7695612191c4630825759d1ee90efeb5f63c
-
SHA256
ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66
-
SHA512
bdfb0e2d89089f8ec019e8b23687de9d0bb9f45b6194631f73df6def6698058187071da0300502ea4df566e46b1f1b02244b1dc0bae0a7801090886f9d992c91
-
SSDEEP
12288:H7uk7C8LDMu42r0Dyo6Te5rf1C7nh5YaGNr23ax56pw1MJf:HC52r0WorR4Dw23i+w1
Static task
static1
Behavioral task
behavioral1
Sample
Nbvkrvfanxfmla.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Nbvkrvfanxfmla.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
Nbvkrvfanxfmla.exe
-
Size
899KB
-
MD5
6afa6592e709e8a3bd291d579ee140b0
-
SHA1
c45d7695612191c4630825759d1ee90efeb5f63c
-
SHA256
ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66
-
SHA512
bdfb0e2d89089f8ec019e8b23687de9d0bb9f45b6194631f73df6def6698058187071da0300502ea4df566e46b1f1b02244b1dc0bae0a7801090886f9d992c91
-
SSDEEP
12288:H7uk7C8LDMu42r0Dyo6Te5rf1C7nh5YaGNr23ax56pw1MJf:HC52r0WorR4Dw23i+w1
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-