Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

556389fdec...ed.exe

windows7-x64

10

556389fdec...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    556389fdeca32b5417fa33656de427ed

  • Size

    474KB

  • Sample

    240112-d8gnsseha9

  • MD5

    556389fdeca32b5417fa33656de427ed

  • SHA1

    d86c0643d5a41078cf47462918219f84e9cb4b5e

  • SHA256

    9fc3f0d5756cce9639d734d17ada931d3c83c20a6479d3ec0ea338d52137e1be

  • SHA512

    2cfeac65c5b0154497b0f1092f8f09e6316f9341c9f712bbf55021629b0cdec22686bfd4d47c5edc4bb1aea76385066a203995b05b931ebf5323b14e196febbd

  • SSDEEP

    12288:T4Z2/0OI8c2nawCc0O5SzgnvCUsKDi7sxWa:TU2/bawW2XnvTi7s0a

Score
10/10
xloaderc7jhloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c7jh

Decoy

frealz.com

janggipay.com

k12paymentceter.com

garnishclub.com

5975199.com

xyzenix.com

khspt.com

tccollection.net

electricscooter.parts

ouhongda.com

soltosoul.love

lentspace.com

mimik33.info

five-minute-diary.com

stanleyguzman.com

davidhidalgo.info

bfcalc.com

app-leadpulse.com

yogaforhumans.com

eaglerockinvest.com

Targets

    • Target

      556389fdeca32b5417fa33656de427ed

    • Size

      474KB

    • MD5

      556389fdeca32b5417fa33656de427ed

    • SHA1

      d86c0643d5a41078cf47462918219f84e9cb4b5e

    • SHA256

      9fc3f0d5756cce9639d734d17ada931d3c83c20a6479d3ec0ea338d52137e1be

    • SHA512

      2cfeac65c5b0154497b0f1092f8f09e6316f9341c9f712bbf55021629b0cdec22686bfd4d47c5edc4bb1aea76385066a203995b05b931ebf5323b14e196febbd

    • SSDEEP

      12288:T4Z2/0OI8c2nawCc0O5SzgnvCUsKDi7sxWa:TU2/bawW2XnvTi7s0a

    Score
    10/10
    xloaderc7jhloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks