General
- Target: ef341e1a40b36fd78da2d13e8097015697630cd505b8eb8ad83df1aa46664eac.zip
- Size: 972KB
- Sample: 240219-q1gp2seb79
- MD5: 7190bcedd54762250ab70245b17e88a5
- SHA1: 4e9144739518cc2a0a89c75bb4be55be44a0a814
- SHA256: 997bdf3efeccba5e6dfce9da65b24d317143e8f400371039a072d7c5794defd0
- SHA512: ae328f3ac0381310c5746fdd6bf3ebae2c994d7436096795be8f660acdff8a7fdf95cd96bd6fed098ac7725f2136e31351cfc012c0e85090e200a52c770ba0d5
- SSDEEP: 24576:ptYBMf+6Wtlga4oUy741KkoAXeegzmXflqBbaOEdF8/AAJ1nCF+:ptYBCq5zUICoJjylqKFuAAJJw+
Static task: static1
Behavioral task: behavioral1
- Sample: KYC_FORM_INCORRECT_ADDRESS.bat
- Resource: win10-20240214-en
Malware Config
Targets
- Target: KYC_FORM_INCORRECT_ADDRESS.bat
- Size: 7.2MB
- MD5: 61637d3e7a53bd64315206e11bf95232
- SHA1: 3e79ab07e84308d7cb960c0713c72d1017b743ab
- SHA256: 473b5644baac3f8f574e40eca678b03e249f8f817f2add0ab13af6d2546e65d4
- SHA512: 6a037181fbd049ec8ac3d34414bfd2249cc6db15ce11b171f37f1321ac7353e2e41d3aeda1b2bcfea2b18d386aae1ea568d28bb32b9f6b207ef604d6d0120d53
- SSDEEP: 24576:jP+t895DoY73i1hELFq10l4AhwS/uCP6APFmDRcoybgxZfbJhgVQ5y0i+p70cZDC:jj9hoKy1IG0yu/rPbADoglhgf0i+m

- Detect ZGRat V1
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)