General

  • Target

    ExLoader_Installer (1).exe

  • Size

    20.2MB

  • Sample

    240314-x1yrwscf9y

  • MD5

    06d4e995805a2afd7496f4f4f0000fd2

  • SHA1

    db80fb0f047f5754aa33781268421407fd07d29e

  • SHA256

    7ad99c1905e0c0ca46bd97650a50645592a6006f05062aa4580198c41c6491a1

  • SHA512

    fd4d245e28e6584f7fe3489bccb35341f5957933de442c259a507e04bf07f018bbb1bd769d638a07a42ce7a1677c6bf1aa237f4b22b3a5dcf9ccbc5af43150d7

  • SSDEEP

    393216:QVZarTJXmFjzqREtDlwcPUTc9t37DMncawXAKaVnayxZtFDb:SZ4TJXmFjzqa5lYTiInf46VnvHr/

Score
7/10

Targets

    • Target

      ExLoader_Installer (1).exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
