Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1cca3910af...18.exe

windows7-x64

10

1cca3910af...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cca3910af7cdf03cfb41cdf2ef7fafe_JaffaCakes118

  • Size

    669KB

  • Sample

    241007-lt6y5ssfnb

  • MD5

    1cca3910af7cdf03cfb41cdf2ef7fafe

  • SHA1

    1f48ee6db9425a3ad1a1e317067337db6e3cecd4

  • SHA256

    82ba148765ef811db68c3cbf69b5f46568a49c7f95005883a5d9a3edb3fd18eb

  • SHA512

    7bde608c61a3907031d173f0b8127232408cb4b3d84dcd256ef079611a06a54f4160e8fd6d23fcb2a3c5e45a08836ba54d6047c8fc8a6ff4463a3db00883f647

  • SSDEEP

    12288:ayW/HK7zyrm+lkitcau0M38CUdE8msPO+R0bGsmKkLYOCJ+:7wltct0j328mmSbGslkLYOC0

Score
10/10
xloadern8badiscoveryloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n8ba

Decoy

thefitflect.com

anytourist.com

blggz.xyz

ascope.club

obyeboss.com

braun-mathematik.online

mtsnurulislamsby.com

jwpropertiestn.com

animalds.com

cunerier.com

sillysocklife.com

shopliyonamaaghin.net

theredcymbalsco.com

lostbikeproject.com

ryggoqlmga.club

realestatetriggers.com

luvlauricephotography.com

cheesehome.cloud

5fashionfix.net

wata-6-rwem.net

Targets

    • Target

      1cca3910af7cdf03cfb41cdf2ef7fafe_JaffaCakes118

    • Size

      669KB

    • MD5

      1cca3910af7cdf03cfb41cdf2ef7fafe

    • SHA1

      1f48ee6db9425a3ad1a1e317067337db6e3cecd4

    • SHA256

      82ba148765ef811db68c3cbf69b5f46568a49c7f95005883a5d9a3edb3fd18eb

    • SHA512

      7bde608c61a3907031d173f0b8127232408cb4b3d84dcd256ef079611a06a54f4160e8fd6d23fcb2a3c5e45a08836ba54d6047c8fc8a6ff4463a3db00883f647

    • SSDEEP

      12288:ayW/HK7zyrm+lkitcau0M38CUdE8msPO+R0bGsmKkLYOCJ+:7wltct0j328mmSbGslkLYOC0

    Score
    10/10
    xloadern8badiscoveryloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.