General

  • Target

    4790a6bec0eb9efda12d2abe2bb38d00

  • Size

    1.3MB

  • Sample

    240107-awbegacdd9

  • MD5

    4790a6bec0eb9efda12d2abe2bb38d00

  • SHA1

    fee62df00e5888398be1cf7d8abc716afe43d37d

  • SHA256

    8b46ffe6f10e29d52a311f2516deb4f54b84ddedf75a3a6921e1423518658e26

  • SHA512

    751bc4ca9266183b1e4ca855cac6734b3148a51db845c33d664f6ce49c19091f2b703c756d5b51be6ba98e5774d462b9313ab3e20f1d4efc518260b8bbcc0840

  • SSDEEP

    24576:0EUzRj83ukaDcTG7dDkuepQUsjtbbn2YgVuZlZcjOsZ3ON:y83uka7kuOQVRr2RvrO

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    n84e

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
