General

  • Target

    NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe

  • Size

    326KB

  • Sample

    231104-m3jqmsgd7y

  • MD5

    f4789d1b87490b9424ca6c0186324320

  • SHA1

    4d439646a9f1a476db03ba837a6c09d096b33aaf

  • SHA256

    367825ee9ba73d84036b0909e07205295077297294d7f5b944e8017d0a49a243

  • SHA512

    190d46e710610e2e3b147330f794adbbd2215498bcc3c6aa266cc3c8f7d33da87e93215a56e0379e8018b86c83bbe109a870a7e67a3cabffc057d7d510edabd3

  • SSDEEP

    3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks