Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cd64543b60da4628be4b8bc7b4004f80N
-
Size
308KB
-
Sample
240913-hzg1es1dmd
-
MD5
cd64543b60da4628be4b8bc7b4004f80
-
SHA1
a3d7516da61656645be1d1abeb17604b23f74774
-
SHA256
e380bdb7e1a419c846f4cc718095cfb944fa114d81012a139b424784e4a32091
-
SHA512
dea529f3987c53f41ee8b23b1bc30fb2b53da774b2a443a70db51e47bcdb73f5f21a30a908aad64dbc6ac99e4c4d27858d8b81b845e3bc1162c8f88487a0d5b7
-
SSDEEP
3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Malware Config
Targets
-
-
Target
cd64543b60da4628be4b8bc7b4004f80N
-
Size
308KB
-
MD5
cd64543b60da4628be4b8bc7b4004f80
-
SHA1
a3d7516da61656645be1d1abeb17604b23f74774
-
SHA256
e380bdb7e1a419c846f4cc718095cfb944fa114d81012a139b424784e4a32091
-
SHA512
dea529f3987c53f41ee8b23b1bc30fb2b53da774b2a443a70db51e47bcdb73f5f21a30a908aad64dbc6ac99e4c4d27858d8b81b845e3bc1162c8f88487a0d5b7
-
SSDEEP
3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-