General
- Target: Exloader_installer.rar
- Size: 43.4MB
- Sample: 240427-wqtjradg33
- MD5: 6ec37ccf013515988cfc3a97daf53dce
- SHA1: b823c26f84554acc649a6580d4922488024f196a
- SHA256: c7b07fb622ddddee4ad0f1210783e7e6ce91a671d965e5952957052fda5cb37d
- SHA512: 6069ec2ad94285e3d4e077f9f2a31bd2fb319a0df31739730486ebdf2aa9e6a094a802bbc637997f33ce32212654c27fa3bc3b91d620ad4647b212f2477382a1
- SSDEEP: 786432:xhZFYqfv7VTHBuMwYep++Pk8GE7c9fQVQNurAGTszUJvprA1v1+08kEX9H:xhj57BubY8khE7c9fCQN8xsMRrAlDkNH
Static task
- static1

Behavioral task
- behavioral1
  Sample: Exloader_installer.rar
  Resource: win7-20240220-en

Behavioral task
- behavioral2
  Sample: Exloader_installer.rar
  Resource: win10v2004-20240419-en

Behavioral task
- behavioral3
  Sample: Exloader_install.exe
  Resource: win10v2004-20240426-en
Malware Config

Targets

- Target: Exloader_installer.rar
  Size: 43.4MB
  MD5: 6ec37ccf013515988cfc3a97daf53dce
  SHA1: b823c26f84554acc649a6580d4922488024f196a
  SHA256: c7b07fb622ddddee4ad0f1210783e7e6ce91a671d965e5952957052fda5cb37d
  SHA512: 6069ec2ad94285e3d4e077f9f2a31bd2fb319a0df31739730486ebdf2aa9e6a094a802bbc637997f33ce32212654c27fa3bc3b91d620ad4647b212f2477382a1
  SSDEEP: 786432:xhZFYqfv7VTHBuMwYep++Pk8GE7c9fQVQNurAGTszUJvprA1v1+08kEX9H:xhj57BubY8khE7c9fCQN8xsMRrAlDkNH
  Score: 3/10

- Target: Exloader_install.exe
  Size: 64.5MB
  MD5: 2f7a0a4c5f1f55b5cfccc5052f6b1030
  SHA1: dd700f9ad38b976635c5ac68b7eec6af8e8e8993
  SHA256: 6eb7200b223303770879b7bfca6ce2e6845ee22679dd646eda28531db2ec5dd3
  SHA512: fbbcc4672da7e40739bdae1996b0aa243b2e04dbeb58f2de025fabdbd927f98c2858e88f77a2c22c5b5dfda03f307c77e2b2b3cd588e81f5ec75091559b17e6c
  SSDEEP: 1572864:Doqyq5YGUBgSTZ9GjnqmaKDCFFTpB4feXEwDW:Do3tBVTZ9Gea0FTcFoW
  Score: 7/10
  Signatures:
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.