Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe
-
Size
326KB
-
Sample
231104-m3jqmsgd7y
-
MD5
f4789d1b87490b9424ca6c0186324320
-
SHA1
4d439646a9f1a476db03ba837a6c09d096b33aaf
-
SHA256
367825ee9ba73d84036b0909e07205295077297294d7f5b944e8017d0a49a243
-
SHA512
190d46e710610e2e3b147330f794adbbd2215498bcc3c6aa266cc3c8f7d33da87e93215a56e0379e8018b86c83bbe109a870a7e67a3cabffc057d7d510edabd3
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Behavioral task
behavioral1
Sample
NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe
-
Size
326KB
-
MD5
f4789d1b87490b9424ca6c0186324320
-
SHA1
4d439646a9f1a476db03ba837a6c09d096b33aaf
-
SHA256
367825ee9ba73d84036b0909e07205295077297294d7f5b944e8017d0a49a243
-
SHA512
190d46e710610e2e3b147330f794adbbd2215498bcc3c6aa266cc3c8f7d33da87e93215a56e0379e8018b86c83bbe109a870a7e67a3cabffc057d7d510edabd3
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-