Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-12-23...ck.exe

windows7-x64

10

2024-12-23...ck.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-23_b3ba7afb650fbc73d5d7ba46d5e9f091_darkgate_neshta_ramnit_ransomlock

  • Size

    4.5MB

  • Sample

    241223-pk5w9szlar

  • MD5

    b3ba7afb650fbc73d5d7ba46d5e9f091

  • SHA1

    4f8f13afcd80d83cbe952774fee437ce32e87730

  • SHA256

    f6f84b418926af4185426db6f6ad92aff970457e1ea707413fd95137a32a908d

  • SHA512

    f86ec814fa90698baebba871a48fbbdb10b543c6cb839eba4288c2aa4865db357f371bd5dfaa95423a4f5e8c04c3a6809ad13579d88fecf69e672515d7db41ba

  • SSDEEP

    49152:8AR/SCICrtvMLtAvVfJVgbhWss4lTDRLOyR0MKGKPhGi:NdAc6yVfJVg0ss4lZiGti

Score
10/10
modiloaderneshtaramnitaspackv2bankerdiscoverypersistencespywarestealertrojanupxworm

Malware Config

Targets

    • Target

      2024-12-23_b3ba7afb650fbc73d5d7ba46d5e9f091_darkgate_neshta_ramnit_ransomlock

    • Size

      4.5MB

    • MD5

      b3ba7afb650fbc73d5d7ba46d5e9f091

    • SHA1

      4f8f13afcd80d83cbe952774fee437ce32e87730

    • SHA256

      f6f84b418926af4185426db6f6ad92aff970457e1ea707413fd95137a32a908d

    • SHA512

      f86ec814fa90698baebba871a48fbbdb10b543c6cb839eba4288c2aa4865db357f371bd5dfaa95423a4f5e8c04c3a6809ad13579d88fecf69e672515d7db41ba

    • SSDEEP

      49152:8AR/SCICrtvMLtAvVfJVgbhWss4lTDRLOyR0MKGKPhGi:NdAc6yVfJVg0ss4lZiGti

    Score
    10/10
    modiloaderneshtaramnitaspackv2bankerdiscoverypersistencespywarestealertrojanupxworm

    • Detect Neshta payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Neshta family

      neshta

    • Ramnit

      Ramnit is a versatile family that holds viruses, worms, and Trojans.

      trojanspywarestealerwormbankerramnit

    • Ramnit family

      ramnit

    • ModiLoader First Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.