
General

  • Target: 163a61f30478a21a6e91765d09fdbb51
  • Size: 807KB
  • Sample: 231230-mrb7esbddl
  • MD5: 163a61f30478a21a6e91765d09fdbb51
  • SHA1: 7baf2e6911e114946ebb7e6475cb7b74ab6af343
  • SHA256: be230035f1e1b86c687d94ba142e56f1859cbee72cce927a62047e04b30b7807
  • SHA512: 17e63aeeb25be473e1b6c80d84e9a94d1f249900c3406fabe71971c24d500d7855d8fc36f855ec52c4b96b37d40f3bf11c312308a54c84c7afab0c5369bf3e45
  • SSDEEP: 12288:ixx3htjxnAqZ6oR65AXwgFvuSSSII920CdUjRQg75zsDxrK4EFA1lN3mgR3mEuK:ixx32oR6qge920CdUjvSpK/KXNV3mI

Score: 10/10

Malware Config (extracted)

  • Family: xloader
  • Version: 2.3
  • Campaign: u3r5
  • Decoy: 20 domains


Targets

    • Xloader (Xloader is a rebranded version of Formbook malware.)
    • Xloader payload
    • Suspicious use of SetThreadContext
