General
- Target: bd329e2032e91113d0347f2ad0ce4ed0N.exe
- Size: 130KB
- Sample: 240913-rzthwstglp
- MD5: bd329e2032e91113d0347f2ad0ce4ed0
- SHA1: de9b4bd503ef5f1b472748008a0053c3c04ca542
- SHA256: 5ed41f3b9b9020c62db15bcc0fcee7347a9d95d8a0c50c9672d4659bb36860ff
- SHA512: 54c39715dd3cac70d19c4d2e28ba6aa31db570fddbd68366b346e210806d3ec0ae8320cc1388f7a8aeaa2e3a7cdcc2380756470911cdcd102c8762eb631072b2
- SSDEEP: 1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ/:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKV
Behavioral task: behavioral1
- Sample: bd329e2032e91113d0347f2ad0ce4ed0N.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: bd329e2032e91113d0347f2ad0ce4ed0N.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: bd329e2032e91113d0347f2ad0ce4ed0N.exe
- Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext