7ad99c1905e0c0ca46bd97650a50645592a6006f05062aa4580198c41c6491a1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ExLoader_I...1).exe

windows10-1703-x64

7

ExLoader_I...1).exe

windows10-2004-x64

7

ExLoader_I...1).exe

windows11-21h2-x64

7

Sharing

General

Target

ExLoader_Installer (1).exe
Size

20.2MB
Sample

240314-x1yrwscf9y
MD5

06d4e995805a2afd7496f4f4f0000fd2
SHA1

db80fb0f047f5754aa33781268421407fd07d29e
SHA256

7ad99c1905e0c0ca46bd97650a50645592a6006f05062aa4580198c41c6491a1
SHA512

fd4d245e28e6584f7fe3489bccb35341f5957933de442c259a507e04bf07f018bbb1bd769d638a07a42ce7a1677c6bf1aa237f4b22b3a5dcf9ccbc5af43150d7
SSDEEP

393216:QVZarTJXmFjzqREtDlwcPUTc9t37DMncawXAKaVnayxZtFDb:SZ4TJXmFjzqa5lYTiInf46VnvHr/

Score

7^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ExLoader_Installer (1).exe

Resource

win10-20240221-en

windows10-1703-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ExLoader_Installer (1).exe

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

ExLoader_Installer (1).exe

Resource

win11-20240221-en

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  ExLoader_Installer (1).exe
- Size
  
  20.2MB
- MD5
  
  06d4e995805a2afd7496f4f4f0000fd2
- SHA1
  
  db80fb0f047f5754aa33781268421407fd07d29e
- SHA256
  
  7ad99c1905e0c0ca46bd97650a50645592a6006f05062aa4580198c41c6491a1
- SHA512
  
  fd4d245e28e6584f7fe3489bccb35341f5957933de442c259a507e04bf07f018bbb1bd769d638a07a42ce7a1677c6bf1aa237f4b22b3a5dcf9ccbc5af43150d7
- SSDEEP
  
  393216:QVZarTJXmFjzqREtDlwcPUTc9t37DMncawXAKaVnayxZtFDb:SZ4TJXmFjzqa5lYTiInf46VnvHr/
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2025

Terms | Privacy