
General

  • Target

    6fe9a3470f0ac5c1d00d26e08a22579f

  • Size

    671KB

  • Sample

    231222-fvqewshadm

  • MD5

    6fe9a3470f0ac5c1d00d26e08a22579f

  • SHA1

    a88181b197bda78c80718197e9e4337baa6b96d5

  • SHA256

    a6fc3c2cd878129322903c09b84a057046b772e92e883b002714574fff834bde

  • SHA512

    ecb0a597f5a60b8593ac82bbc6092cf65e3de71f2e4f9e48d2c446159d812f74a44a7ad6054b058901a165dae5b202296bedbc30e110af3d1e7403cbda563805

  • SSDEEP

    12288:YGcQNKL5XwINR3shZLJQ05nFwrvqHfp9y:/CRwUO/ddOTIfDy

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

uytf

Decoy

elife-home-internet.com

amberbandyoutube.com

myhomemechanism.net

nuosports.com

universalpartnersintl.com

greatmix106.com

fangxianger.com

dreampic.net

lifteddevelopments.com

astyledsurface.com

meditationkota.com

hungry4theholy1.com

8belowrescue.com

almostmidnightgames.com

lifelonghiker.com

maridaniellecontreras.com

hisport.info

loveforquality.com

baincot3.com

theneuro-link.com
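
The extracted configuration above (family, version, campaign and the 20 configured domains) together with the hashes in the General section are what a responder takes away from this report. The Python below is an added example, not part of the tria.ge page or its tooling: it embeds the values copied from this report, validates the hash and hostname formats, splits the ssdeep signature and checks its block size against the reported 671KB, and emits one alert-only Suricata DNS rule per configured domain. The SID range, rule text and the Suricata 5+ `dns.query`/`endswith` keyword syntax are this example's own assumptions. The rules alert rather than drop because Xloader, like Formbook, pads its configured domain list with decoys that can be legitimate sites; tria.ge labels the whole list "Decoy", so every entry is a hunting lead, not a confirmed C2.

```python
import json
import re

# Added example; values below are copied from the tria.ge report on this page.
REPORT = {
    "sample": "231222-fvqewshadm",
    "family": "xloader", "version": "2.3", "campaign": "uytf",
    "size_bytes": 671 * 1024,  # page reports "671KB"
    "hashes": {
        "md5": "6fe9a3470f0ac5c1d00d26e08a22579f",
        "sha1": "a88181b197bda78c80718197e9e4337baa6b96d5",
        "sha256": "a6fc3c2cd878129322903c09b84a057046b772e92e883b002714574fff834bde",
        "sha512": "ecb0a597f5a60b8593ac82bbc6092cf65e3de71f2e4f9e48d2c446159d812f74"
                  "a44a7ad6054b058901a165dae5b202296bedbc30e110af3d1e7403cbda563805",
    },
    "ssdeep": "12288:YGcQNKL5XwINR3shZLJQ05nFwrvqHfp9y:/CRwUO/ddOTIfDy",
    "decoys": [
        "elife-home-internet.com", "amberbandyoutube.com", "myhomemechanism.net",
        "nuosports.com", "universalpartnersintl.com", "greatmix106.com",
        "fangxianger.com", "dreampic.net", "lifteddevelopments.com",
        "astyledsurface.com", "meditationkota.com", "hungry4theholy1.com",
        "8belowrescue.com", "almostmidnightgames.com", "lifelonghiker.com",
        "maridaniellecontreras.com", "hisport.info", "loveforquality.com",
        "baincot3.com", "theneuro-link.com",
    ],
}

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# RFC 1035-style hostname: 1-63 char labels, no leading/trailing hyphen, <=253 chars.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def validate_hashes(hashes):
    """Lowercase each hash; reject anything that is not hex of the algorithm's length."""
    clean = {}
    for algo, value in hashes.items():
        v = value.strip().lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], v):
            raise ValueError(f"{algo} hash malformed: {value!r}")
        clean[algo] = v
    return clean


def parse_ssdeep(sig):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str)."""
    block, chunk, double = sig.split(":")
    return int(block), chunk, double


def ssdeep_initial_blocksize(size_bytes):
    """Block size ssdeep starts from: smallest 3*2^n with blocksize*64 >= file size.
    ssdeep may halve it afterwards if the signature comes out under 32 chars."""
    bs = 3
    while bs * 64 < size_bytes:
        bs *= 2
    return bs


def normalize_domains(domains):
    """Lowercase, drop trailing dots, de-duplicate, reject non-hostnames."""
    seen, out = set(), []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if not DOMAIN_RE.match(d):
            raise ValueError(f"not a hostname: {d!r}")
        if d not in seen:
            seen.add(d)
            out.append(d)
    return out


def suricata_dns_rules(domains, sid_base=9000000):
    """One alert-only DNS rule per domain (assumes Suricata 5+ dns.query/endswith).
    Alert, don't drop: the list mixes the real C2 with decoys that may be legitimate."""
    msg = f"{REPORT['family']} {REPORT['version']} campaign {REPORT['campaign']}"
    return [
        f'alert dns any any -> any any (msg:"{msg} configured domain {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def build_bundle(report=REPORT):
    """Validate every field of the report and return a JSON-serialisable bundle."""
    hashes = validate_hashes(report["hashes"])
    block, chunk, double = parse_ssdeep(report["ssdeep"])
    domains = normalize_domains(report["decoys"])
    return {
        "sample": report["sample"], "family": report["family"],
        "version": report["version"], "campaign": report["campaign"],
        "hashes": hashes,
        "ssdeep": {"blocksize": block, "chunk": chunk, "double_chunk": double,
                   "blocksize_fits_size": block == ssdeep_initial_blocksize(report["size_bytes"])},
        "domains": domains,
        "suricata": suricata_dns_rules(domains),
    }


if __name__ == "__main__":
    print(json.dumps(build_bundle(), indent=2))
```

Running the script prints the bundle as JSON; `blocksize_fits_size` is true here, which is the quick sanity check that the ssdeep signature and the reported file size belong to the same object. The hash and hostname validation exists because IOCs copied out of a web report are routinely truncated or carry stray whitespace, and a malformed hash silently matches nothing in a SIEM.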

Targets

    • Target

      6fe9a3470f0ac5c1d00d26e08a22579f

    • Size

      671KB

    • MD5

      6fe9a3470f0ac5c1d00d26e08a22579f

    • SHA1

      a88181b197bda78c80718197e9e4337baa6b96d5

    • SHA256

      a6fc3c2cd878129322903c09b84a057046b772e92e883b002714574fff834bde

    • SHA512

      ecb0a597f5a60b8593ac82bbc6092cf65e3de71f2e4f9e48d2c446159d812f74a44a7ad6054b058901a165dae5b202296bedbc30e110af3d1e7403cbda563805

    • SSDEEP

      12288:YGcQNKL5XwINR3shZLJQ05nFwrvqHfp9y:/CRwUO/ddOTIfDy

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
