General

  • Target

    7daa1c83202123467bc90cd23f66abc1

  • Size

    12.1MB

  • Sample

    240128-ws439sggej

  • MD5

    7daa1c83202123467bc90cd23f66abc1

  • SHA1

    34b1a8f049cdd12b67987914abd40ee17df9a610

  • SHA256

    14115a4b25f3d0f88969639d30b2ce26ea61409028e441b5dac10c8d4b3a3919

  • SHA512

    1f6c75a28ce24123bd708b8b466439e808e26b0bc877ef221a942d1c04d3538682c41f3c0f052f5e0087c32907b3b9fd137d906c347c1742898be4f53a872536

  • SSDEEP

    196608:nmzZt2fl4ixIyKOP4gknYpLpw29+QomsCtaD3QOatJGhUPk:6tkxOOP4g2YprMQKIlahUPk

Malware Config

Targets

    • Target

      192.168.0.201_ClientSetup.exe

    • Size

      4.9MB

    • MD5

      b1d5c9b7445e0472fdaf6be845045ec3

    • SHA1

      0448450f63a21f3c96c50ea6c9b63d1f7870a3c8

    • SHA256

      e8b66676518ff84b417a25942ce398003177f6863440f990c2f98be179dc08df

    • SHA512

      9e5c59e4cd440b68f2c258cac947aa0c968aa088246d8bae0b699a4fe60e500eb10bfabb0d943b536205acb46d592484223bbc92fd24222a9701ca8be129c35c

    • SSDEEP

      98304:LJEkkuDuQ2VHSu28JwhD+Y//hqA3YJc1qjOF5pI/O3wmB3w:LJE9zVHSAAD+Y/PI61qjdkhw

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      ServerSetup.exe

    • Size

      11.5MB

    • MD5

      77fe3873e0f3259292c6ec00b9644fb5

    • SHA1

      6f2d2196744836c969d8d046a342aa40dba452d9

    • SHA256

      6534f8b85d746b7cd9d58915754da54904d716e5028e5f28a5468998fbcc98d1

    • SHA512

      054b88da5be36d4372b1bebe00bd2b8230d0d9ed4b15d31101c678ed8a52ef07c7bceb60980fc4318d08f4b3e2569ed412c19057c0809fb3da3127f983c6437f

    • SSDEEP

      196608:/hCQkQ708MCNqZhGciNm2wFrVJE9zVHSAAD+Y/PI61qjdkh:UQkQzqgfNm2eJErSA6v/Q

    • Score

      10/10

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • Target

      新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks