Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe

  • Size

    300KB

  • Sample

    241204-ba65payncj

  • MD5

    fcd439495e41589b112ec0fdc23dd260

  • SHA1

    5c870d4cc86f6a773769ec4fa663bfe599df8665

  • SHA256

    8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76

  • SHA512

    f1548bb5b549d9b49fae7d56be77466e5a135cdb083ec26af7ed1de0a02b8de8c21c8a3b934994bc06af76b2b59ea10faf5d8b0ea36303d4c3a7bffaf402cf0c

  • SSDEEP

    3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38GG:UsxD5cwohO+O1sVG0/pZ6iPC8I

Malware Config

Targets

    • Target

      8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe

    • Size

      300KB

    • MD5

      fcd439495e41589b112ec0fdc23dd260

    • SHA1

      5c870d4cc86f6a773769ec4fa663bfe599df8665

    • SHA256

      8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76

    • SHA512

      f1548bb5b549d9b49fae7d56be77466e5a135cdb083ec26af7ed1de0a02b8de8c21c8a3b934994bc06af76b2b59ea10faf5d8b0ea36303d4c3a7bffaf402cf0c

    • SSDEEP

      3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38GG:UsxD5cwohO+O1sVG0/pZ6iPC8I

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks