General

  • Target

    9cf8652774703750e214e49012b8aeb2

  • Size

    867KB

  • Sample

    231222-qg979ahea9

  • MD5

    9cf8652774703750e214e49012b8aeb2

  • SHA1

    f75dee81dda3cb5e13e7bc2d106c90fd33c78b75

  • SHA256

    11f56953a80011adac61595a11f0d716a9a24e0fb7e20b95dbd55d0c4b3c0781

  • SHA512

    c2cd8eeb7d7a8e1eaf19696596cd2e3ae6e10cb4f748800d41815455d7c7f6a105444ca87312d40c6347d21bdffd0faa631abc0b2fd868da2f60fc5ee0f6e19d

  • SSDEEP

    12288:XaK1E9C67cnDmBF3cSKjJ9vXb+hHaSdn46U/v/UP/cuFG1yIPggTqI69ktY66M91:X31E9C64nYqvLJS+6fP7IogTC9kB91

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

b5ne

Decoy

haridwarweb.com

rltzjd.com

betsvia.com

swiftnestit.com

sndebate.com

intervene-suave.net

frejany.com

findcremationsearcher.info

jchmlt.com

sanenkj.com

donnypoppins.com

pallainfotech.com

dinerbite.com

aj2223.online

4ociousdragon.com

rnpackersandmovers.com

working-mum.com

savewife.com

reissteams.com

visionenterprisesindia.com

Targets

    • Target

      Ri9RSdOwP2DvMFi.exe

    • Size

      782KB

    • MD5

      93fcca51eeb3f566119693d2f9745926

    • SHA1

      9cb3c035e948b0e1e27f2a8515fed6deb14857a5

    • SHA256

      effde9dee423f050461080a9efc44435f4abd5d772e0a436f84f758b95ff65b2

    • SHA512

      978b52d10a3a00429322c21cb492f7f72a1bbe175d3915b37d01d4ecde9b0b66f29228625c1e5abf71ad3b5110f9021059c5daaa8f7ea25b5fb7e641ffb06d85

    • SSDEEP

      6144:luFJLgGJz99KYyo3wdTPnoJx6DqVY2RvE/KMuKszf7hOgoP2Oncbq3VHOflCbF23:KzfDyvnGmqvs/5YOgoZsHYMaPVUnt

    Score
    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks