Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bc76da26a79974b8d9e5ab8c050af68a776f24e2009ef7783688345a0bcec1a5
-
Size
988KB
-
Sample
241121-y41w4awrev
-
MD5
d61502288db973508db3d7514f643096
-
SHA1
73f88ec0150abfb3ca7e02c0c21d62a98be9f9a9
-
SHA256
bc76da26a79974b8d9e5ab8c050af68a776f24e2009ef7783688345a0bcec1a5
-
SHA512
e269812940fac038a668af343534b4b1d8ab76263158c428971f8309c55219ba1b2a181bb0b74150f7bca8558d7af254f78ff67b2d8ea0901c6251fdebb23033
-
SSDEEP
24576:0ziQoW751kXRWryxCfkL5C/EiHSPp0tKFcj795Sc7GbH:g9vWO6ISPVuHmbH
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20241010-en
Malware Config
Extracted
xloader
2.3
pz9b
gochili.info
cyberdatadefence.com
payonbux.com
candiceswanepoelbrasil.com
mykaoa.com
tanabe-kanagu.com
dovetailgoodlife.xyz
alabasterautomotive.com
tajc.club
authwdqtsi6sojynof9gmazon.com
cookingguides.net
yah360.com
berriq.com
freetoreview.online
yachtsgoneonline.com
clothestokidsri.com
howtogetstartedwithfba.com
simplepartyplanning.com
sunrisekai.com
wealthfarmer.net
indumaqservicios.com
sanookna.com
stgg.net
resultrun.info
dynamismedical.com
katfacecosmetics.com
wjlzbc.com
madebymygypsysoul.com
belpair.net
aktamusic.com
generationathletic.fitness
artandscience.info
timbisoaps.com
foursonsltd.com
komitmenindonesiasejahtera.com
buildingbusinessonline.net
nativeiso.com
sagalocal.icu
deepcombine.com
conecationsystemss.net
airtech-engineers.com
rjccollectibles.com
haegrumfood.com
brunchtimes.com
beautifulbodyz.com
vidaifriend.com
blinbins.com
cvnsm2020.com
thompsonwebmanagement.com
xn--lichthlzer-jcb.com
tyrellsaintvil.com
charismaadvice.com
webshopfront.com
creativesoulsclubs.com
schul-service.com
maridaniellecontreras.com
thefreelancerzone.com
1000-help4.club
thecookiechicktx.com
mutschein.com
balveny.com
sorteesportiva.bet
adamsandfane.com
ashleyjordanoutlaws.com
generalplex.com
Targets
-
-
Target
Quotation.bin
-
Size
1.1MB
-
MD5
5caf99a5eb3975b435161de0b401b1b5
-
SHA1
271249f641ecbcd5f17b21cd8500b78acb05b5d1
-
SHA256
574d7449e38aa78b8c46331df27b3c429feb34e16e2ae36fdf9516af6c793754
-
SHA512
b7dc01123ad31dbaafbc9aa62eb600356c70dcf71240ad1503e95ada96e198bfddebae68d280d498d15d7fab0cf26f182662a60d1216db9cc4a39adccd8bd754
-
SSDEEP
24576:hfjT+bAaMd3REebAaMd3f0xDccnNiydYfwxbmv87AT16:J+AaMVRE2AaMVMxOyFKsAZ
-
Xloader family
-
Xloader payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-