General
Target: Main Engine 7s60mc,PDF.cmd
Size: 6.4MB
Sample: 240722-q1qb7azerf
MD5: f15e38f850728f3fc6773a7350e29304
SHA1: f13f88885c26b065ea8cf9e8113586ecca166ee7
SHA256: e79dbdc85cf532a13c172533edaf0893a34641b39522b70a31df7f442d0eaf0d
SHA512: 961643be8a42c6608028524d3af21f407f453db9995682186283569b0ea1579d407386e0f79ab9a8b7455b61d0a66223c436b763e18b4dbff6952d0788767ea7
SSDEEP: 49152:HMftY4zQT58J2f3nAJ3NB/D15t5+DUvW5nWffFOFg+N0DGvthGU9gx8ITAT4WGbs:H
Static task: static1
Behavioral task: behavioral1
  Sample: Main Engine 7s60mc,PDF.cmd
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: Main Engine 7s60mc,PDF.cmd
  Resource: win10v2004-20240704-en
Malware Config
Targets
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext