General

  • Target

    0343f7d9824f51e45c9cc6ffbe4a1c20N

  • Size

    212KB

  • Sample

    240826-tgtgaateqq

  • MD5

    0343f7d9824f51e45c9cc6ffbe4a1c20

  • SHA1

    81ea1a3648e3b9d4903398502cc5ac8fbd0a843a

  • SHA256

    915e637e9e56872ab8f1318ea2aa2434c5161cd6bf289076ebecac66db6bd25b

  • SHA512

    83c21afce52224b8b70be568e7bc6d90a4539984c627979bf7a1d172396e054496dd981ac95b0e8b0332467e9214188929974ec49fd5068f2f3b91e9f5e6b2e3

  • SSDEEP

    3072:jLk395hYXJLM/6tdrHF3AHEAHVxd/Y/6fV4xRrB9sTQt4Ge9tBBTWw0vlT4H7n+B:jQqqWQkAHJX4XYkY9Pow0vlT4+B

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ntfs

Decoy

muhammedunal.com

humanvitality.site

thebookofgremlins.com

jamsoles.online

lakelasvegas.homes

fairplay.site

stanversity.com

palacinkaneiva.com

chaseinbox.com

wakeycare.com

habitastulum.net

fundacjacd.com

2wxuit.com

igamingmediahq.com

umannedresearchlaboratories.com

bonedex.com

ebaiyoservices.co.uk

organichorsemanship.com

spanishbyhk.com

stepfields.com

Targets

    • Target

      0343f7d9824f51e45c9cc6ffbe4a1c20N

    • Size

      212KB

    • MD5

      0343f7d9824f51e45c9cc6ffbe4a1c20

    • SHA1

      81ea1a3648e3b9d4903398502cc5ac8fbd0a843a

    • SHA256

      915e637e9e56872ab8f1318ea2aa2434c5161cd6bf289076ebecac66db6bd25b

    • SHA512

      83c21afce52224b8b70be568e7bc6d90a4539984c627979bf7a1d172396e054496dd981ac95b0e8b0332467e9214188929974ec49fd5068f2f3b91e9f5e6b2e3

    • SSDEEP

      3072:jLk395hYXJLM/6tdrHF3AHEAHVxd/Y/6fV4xRrB9sTQt4Ge9tBBTWw0vlT4H7n+B:jQqqWQkAHJX4XYkY9Pow0vlT4+B

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    • Score

      3/10

    • Target

      NBProjects/ParticleFirmware/nbproject/private/uninstall-particle-toolchain.exe

    • Size

      32KB

    • MD5

      faef2ffcd408eda3698879ad1bc0bff7

    • SHA1

      ea8bdc37b82e66a7492b30af7174dd4fd0f69ce8

    • SHA256

      be0fdf6ef1bd4bc0768b90bbb001995b572d65993e23c7fe04d4ba516a0f51b7

    • SHA512

      cab31df32bea8abd7a31ff4dfec9aaf6683bd9a887672da98eb252b01a7972d5cb016c8262f6c64417c600f4c55717d6f6674246ef9a63976f96a5e77c57875a

    • SSDEEP

      768:44wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJlJRnSMhCKQD:jLXB65939tY6HBg4sXJ4MkZD

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks