
General

  • Target: 02b89444a1d633c44e1e9e54e3fdd1b0
  • Size: 945KB
  • Sample: 231229-yzmtnshhhp
  • MD5: 02b89444a1d633c44e1e9e54e3fdd1b0
  • SHA1: 6d560a1c41457fa9c88d5d218ea4a9ae670fbedd
  • SHA256: 52b0438a43977e210e58786f139697a9007854f624d8901c891a9af69b87667f
  • SHA512: 1521d912a90f74e46a6428eb4ee6bdf7561ff05260b9243a34e724b9be1424bec2f7c78ea527097a3d75f349e5afa485bc9aeb159d6186e1f621e462eacda5f7
  • SSDEEP: 12288:qxDc9F3nC0Py3gAhSEJbjJEK1+E5Gl6twEtG5FhVvjRrry8rXcuzDD8qfv:6J5Gl6HE5FhhjRvy8Zdv

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: earz
  • Decoy:

Targets
  • Xloader: Xloader is a rebranded version of Formbook malware.
  • Xloader payload
  • Suspicious use of SetThreadContext
