General

  • Target

    68e2e8cb22405746bd8829af87e4fadd2b37bd4b66c4d67889ef0ac052353d64N.exe

  • Size

    326KB

  • Sample

    250102-kxq7esxlap

  • MD5

    8fa85f3a21db168ae16015934f6baa80

  • SHA1

    d6044dfe9afb5274daa03fbd72ec32aef9757d09

  • SHA256

    68e2e8cb22405746bd8829af87e4fadd2b37bd4b66c4d67889ef0ac052353d64

  • SHA512

    ca98cb3ba8dd5d4e5e358524ba1aafb108de0c864cf89ca1a13299fec18ab56f72b7551a24c7a26cafea5962047c7ba727d2969679255d7c9542d12a3c397438

  • SSDEEP

    3072:ce2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XVT:csxD5cwohO+O1sVG0/pZ6iPC8w

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks