Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bd329e2032e91113d0347f2ad0ce4ed0N.exe

  • Size

    130KB

  • Sample

    240913-rzthwstglp

  • MD5

    bd329e2032e91113d0347f2ad0ce4ed0

  • SHA1

    de9b4bd503ef5f1b472748008a0053c3c04ca542

  • SHA256

    5ed41f3b9b9020c62db15bcc0fcee7347a9d95d8a0c50c9672d4659bb36860ff

  • SHA512

    54c39715dd3cac70d19c4d2e28ba6aa31db570fddbd68366b346e210806d3ec0ae8320cc1388f7a8aeaa2e3a7cdcc2380756470911cdcd102c8762eb631072b2

  • SSDEEP

    1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ/:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKV

Malware Config

Targets

    • Target

      bd329e2032e91113d0347f2ad0ce4ed0N.exe

    • Size

      130KB

    • MD5

      bd329e2032e91113d0347f2ad0ce4ed0

    • SHA1

      de9b4bd503ef5f1b472748008a0053c3c04ca542

    • SHA256

      5ed41f3b9b9020c62db15bcc0fcee7347a9d95d8a0c50c9672d4659bb36860ff

    • SHA512

      54c39715dd3cac70d19c4d2e28ba6aa31db570fddbd68366b346e210806d3ec0ae8320cc1388f7a8aeaa2e3a7cdcc2380756470911cdcd102c8762eb631072b2

    • SSDEEP

      1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ/:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKV

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks