General
-
Target
Xotic_Activator.exe
-
Size
7.8MB
-
Sample
240203-rc1npabbd7
-
MD5
b7187165f15eb840b317ec8c0a2af280
-
SHA1
cc581b387f05b7e0a3310c44ada888c5397c3c03
-
SHA256
6d6c69215c29027dd81f4015cf5787059ac40f3c19235560312629e2a77dc4b2
-
SHA512
d5261c17438bdbfcdec39f48d83ba423f9412cdc360491f2a16d0ba348df4883903012b7a7362f7c40f52ccf0b99210c8cfbeb41e6d6f160d33f2dd9c1a0096c
-
SSDEEP
196608:xHHRrH1W903eV4QtMToEuGxgh858F0ibfU0SEYgABt+kfLgiUR:/hW+eGQtMTozGxu8C0ibfOkWkp
Behavioral task
behavioral1
Sample
Xotic_Activator.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Xotic_Activator.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
main.pyc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
main.pyc
Resource
win10v2004-20231215-en
Malware Config
Targets
Target
Xotic_Activator.exe
Score 8/10
Blocklisted process makes network request
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Target
main.pyc
-
Size
4KB
-
MD5
78044e0945749775910ce61a3a0c8f74
-
SHA1
72ed0e3180c2f62b1e70c08dda96dc083f2a0074
-
SHA256
391cda8393509999ba2bc99c764de7ddb6b5b03a70a29af87bf50a1d5e09a17e
-
SHA512
a77820098223d5ff35f93da1876556b1dcda5f14837a155b9db73140dfb2e792e7137decfa342e9321ff96e06330ac48d392b35512b0e7f8145db6da664a06ab
-
SSDEEP
96:QEHXKag/on8jIIVTfHAlVPflDji+kgZjPlsx9SHfUh:d6agwIVTfJgZy3Nh
Score 3/10