Resubmissions

19/05/2024, 01:17

240519-bnw7msah42 10

27/04/2024, 18:07

240427-wqtjradg33 7

General

  • Target

    Exloader_installer.rar

  • Size

    43.4MB

  • Sample

    240427-wqtjradg33

  • MD5

    6ec37ccf013515988cfc3a97daf53dce

  • SHA1

    b823c26f84554acc649a6580d4922488024f196a

  • SHA256

    c7b07fb622ddddee4ad0f1210783e7e6ce91a671d965e5952957052fda5cb37d

  • SHA512

    6069ec2ad94285e3d4e077f9f2a31bd2fb319a0df31739730486ebdf2aa9e6a094a802bbc637997f33ce32212654c27fa3bc3b91d620ad4647b212f2477382a1

  • SSDEEP

    786432:xhZFYqfv7VTHBuMwYep++Pk8GE7c9fQVQNurAGTszUJvprA1v1+08kEX9H:xhj57BubY8khE7c9fCQN8xsMRrAlDkNH

Malware Config

Targets

    • Target

      Exloader_installer.rar

    • Size

      43.4MB

    • MD5

      6ec37ccf013515988cfc3a97daf53dce

    • SHA1

      b823c26f84554acc649a6580d4922488024f196a

    • SHA256

      c7b07fb622ddddee4ad0f1210783e7e6ce91a671d965e5952957052fda5cb37d

    • SHA512

      6069ec2ad94285e3d4e077f9f2a31bd2fb319a0df31739730486ebdf2aa9e6a094a802bbc637997f33ce32212654c27fa3bc3b91d620ad4647b212f2477382a1

    • SSDEEP

      786432:xhZFYqfv7VTHBuMwYep++Pk8GE7c9fQVQNurAGTszUJvprA1v1+08kEX9H:xhj57BubY8khE7c9fCQN8xsMRrAlDkNH

    Score

    3/10

    • Target

      Exloader_install.exe

    • Size

      64.5MB

    • MD5

      2f7a0a4c5f1f55b5cfccc5052f6b1030

    • SHA1

      dd700f9ad38b976635c5ac68b7eec6af8e8e8993

    • SHA256

      6eb7200b223303770879b7bfca6ce2e6845ee22679dd646eda28531db2ec5dd3

    • SHA512

      fbbcc4672da7e40739bdae1996b0aa243b2e04dbeb58f2de025fabdbd927f98c2858e88f77a2c22c5b5dfda03f307c77e2b2b3cd588e81f5ec75091559b17e6c

    • SSDEEP

      1572864:Doqyq5YGUBgSTZ9GjnqmaKDCFFTpB4feXEwDW:Do3tBVTZ9Gea0FTcFoW

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks