General

  • Target: 1c9b3151a3b7d132fd511ccbae711490
  • Size: 905KB
  • Sample: 231230-z2mgcsccb4
  • MD5: 1c9b3151a3b7d132fd511ccbae711490
  • SHA1: 8a32224ea602478ee660a0f7ed829eba0ad1f8f7
  • SHA256: 8d94157c8d223c29d1507a1ed3300a21eeccce8c8a49ccc05fc7c83a044517a5
  • SHA512: b44def743395997be043ca71610fe4fc8a3c2d8fc702610113cdc34acf9200fd1b57f34c8080934929fd3e7fda7c35c5cd9fa4e433b02ecf1ce07873330ac903
  • SSDEEP: 24576:GU87rJKWS/d3dx+z/l+58h3UC9QhCwDCp0+/p/zKuRS:i7rADYl+5w3Q+eEbhS

Score: 10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.3
  • Campaign: p2io
  • Decoy

Targets

    Score: 10/10
    • Xloader: Xloader is a rebranded version of Formbook malware.
    • CustAttr .NET packer: Detects CustAttr .NET packer in memory.
    • Xloader payload
    • Suspicious use of SetThreadContext
