
General

  • Target

    1a57158743374e0921da27736bd82f9f

  • Size

    854KB

  • Sample

    231230-qy748aahhk

  • MD5

    1a57158743374e0921da27736bd82f9f

  • SHA1

    aab70a28915715dad73ce093aa0b8cf7a558a860

  • SHA256

    f3238da427c80f842f5b4a789726005ac06157181d80a32105aa639b325d0330

  • SHA512

    cdb5f45bea7052ebcfb5a9484661f8ee7f396a605116c2061fbbd6fc145c734f6bfa7c09705a0536a058a2d186c0101d195320fdca177199b574211af7ffb413

  • SSDEEP

    12288:d137TeVv5IYL6VAO9QQOPv5Gx1MziGqLK49H2dgeYXN1jAt2NjFtOHpF:d1ripBL6VAO9QQ9my9HMy7jAMNja

Score
10/10
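Before acting on a sandbox verdict, confirm that the file in hand is the sample the report describes. The following is an added example, not part of the tria.ge report: it recomputes the four digests the report lists and compares them against the values above. It refuses to accept a match based on MD5 or SHA1 alone, since collisions for those are practical; SHA256 (or SHA512) must agree. The SAMPLE_DATA bytes in the test are constructed placeholder input, not the real binary.

```python
"""Verify a local file against the digests a tria.ge report lists for a sample."""
import hashlib
from pathlib import Path

# Digests copied from the report above for target 1a57158743374e0921da27736bd82f9f.
REPORT_DIGESTS = {
    "md5": "1a57158743374e0921da27736bd82f9f",
    "sha1": "aab70a28915715dad73ce093aa0b8cf7a558a860",
    "sha256": "f3238da427c80f842f5b4a789726005ac06157181d80a32105aa639b325d0330",
    "sha512": "cdb5f45bea7052ebcfb5a9484661f8ee7f396a605116c2061fbbd6fc145c734f6bfa7c09705a0536a058a2d186c0101d195320fdca177199b574211af7ffb413",
}

# Algorithms considered strong enough to establish identity on their own.
STRONG_ALGOS = ("sha256", "sha512")


def digests_of(data: bytes, algos=tuple(REPORT_DIGESTS)) -> dict:
    """Hex digests of an in-memory byte string for every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algos}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_digests(path, algos=tuple(REPORT_DIGESTS), chunk_size=1 << 20) -> dict:
    """Same as digests_of, but streams a file so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in algos}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Per-algorithm match result; hex case differences are ignored."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_reported_sample(actual: dict, expected: dict = REPORT_DIGESTS) -> bool:
    """True only if every listed digest matches AND at least one strong digest was compared.

    A report (or a feed entry) that carries only MD5/SHA1 cannot establish identity,
    so that case is rejected outright rather than silently accepted.
    """
    if not any(name in expected for name in STRONG_ALGOS):
        raise ValueError("expected digests must include sha256 or sha512")
    return all(compare_digests(actual, expected).values())


if __name__ == "__main__":
    import sys
    result = compare_digests(file_digests(sys.argv[1]), REPORT_DIGESTS)
    for name, ok in result.items():
        print(f"{name:7s} {'OK' if ok else 'MISMATCH'}")
```

Run it as `python verify.py <path-to-sample>`; any MISMATCH line means the file is not the analysed sample and the verdict above does not apply to it.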

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

u3r5

Decoy

Note: the domains below are the decoy list from the extracted configuration. Xloader/Formbook beacons to decoy domains alongside its real C2, and the decoys are typically legitimate, unrelated sites; treat them as low-confidence indicators and do not blocklist them wholesale.

alashan.ltd

demopagephequan.online

garxznql.icu

unetart.com

dajiangzhibo15.com

influencer.fund

beverlyhills.city

strefafryzur.net

giftboxhawaii.com

ecotiare.com

homeandgardenradioshow.com

sageandsandco.com

laflesoley.com

icipatanegra.online

autovistoriapredial.net

xn--polenezkypark-pmb.com

cbdamic.com

aaronandmarissa.com

datasoma.digital

theclosetology.com

Targets

    • Target

      1a57158743374e0921da27736bd82f9f

    • Xloader

Xloader is the rebranded successor of the Formbook information stealer and form grabber.

    • Xloader payload

    • Suspicious use of SetThreadContext (redirecting a suspended thread's execution into injected code, as in process hollowing)

MITRE ATT&CK Enterprise v15

Tasks