
General

  • Target

    bc76da26a79974b8d9e5ab8c050af68a776f24e2009ef7783688345a0bcec1a5

  • Size

    988KB

  • Sample

    241121-y41w4awrev

  • MD5

    d61502288db973508db3d7514f643096

  • SHA1

    73f88ec0150abfb3ca7e02c0c21d62a98be9f9a9

  • SHA256

    bc76da26a79974b8d9e5ab8c050af68a776f24e2009ef7783688345a0bcec1a5

  • SHA512

    e269812940fac038a668af343534b4b1d8ab76263158c428971f8309c55219ba1b2a181bb0b74150f7bca8558d7af254f78ff67b2d8ea0901c6251fdebb23033

  • SSDEEP

    24576:0ziQoW751kXRWryxCfkL5C/EiHSPp0tKFcj795Sc7GbH:g9vWO6ISPVuHmbH

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pz9b

Decoy

gochili.info

cyberdatadefence.com

payonbux.com

candiceswanepoelbrasil.com

mykaoa.com

tanabe-kanagu.com

dovetailgoodlife.xyz

alabasterautomotive.com

tajc.club

authwdqtsi6sojynof9gmazon.com

cookingguides.net

yah360.com

berriq.com

freetoreview.online

yachtsgoneonline.com

clothestokidsri.com

howtogetstartedwithfba.com

simplepartyplanning.com

sunrisekai.com

wealthfarmer.net
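The decoy list above is the most actionable part of the extracted config, with one caveat: Xloader (like Formbook before it) hides its single real C2 among the decoy domains, and the extractor cannot tell which one it is, so every entry has to be treated as a potential C2. The script below is an added example for this report, not tria.ge code: it transcribes the config from the page, normalises and validates the domains, and emits one Suricata DNS-query rule per domain. The rule layout, the `sid` base and the tag text are assumptions; pick a sid range that is free in your own ruleset.

```python
"""Turn the extracted Xloader config into hunt-ready IOCs (added example)."""
import json
import re

# Transcribed from the "Malware Config" section of the report.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.3",
    "campaign": "pz9b",
    "decoy": [
        "gochili.info", "cyberdatadefence.com", "payonbux.com",
        "candiceswanepoelbrasil.com", "mykaoa.com", "tanabe-kanagu.com",
        "dovetailgoodlife.xyz", "alabasterautomotive.com", "tajc.club",
        "authwdqtsi6sojynof9gmazon.com", "cookingguides.net", "yah360.com",
        "berriq.com", "freetoreview.online", "yachtsgoneonline.com",
        "clothestokidsri.com", "howtogetstartedwithfba.com",
        "simplepartyplanning.com", "sunrisekai.com", "wealthfarmer.net",
    ],
}

# Hostname check: labels of letters/digits/hyphens (no leading or trailing
# hyphen), at least one dot, alphabetic TLD, 253 characters overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def normalise_domains(domains):
    """Lower-case, strip, drop a trailing dot, de-duplicate, and separate
    entries that are not syntactically hostnames. Order is preserved."""
    seen, valid, rejected = set(), [], []
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if d in seen:
            continue
        seen.add(d)
        (valid if _HOSTNAME_RE.match(d) else rejected).append(d)
    return valid, rejected


def to_suricata_dns_rules(domains, campaign, sid_base=9000000):
    """One DNS-query rule per domain (Suricata 5+ 'dns.query' buffer).
    Every domain gets the same tag: the real C2 is hidden among the decoys
    and the config extractor cannot distinguish it. sid_base is an
    assumption; use a range that is free locally."""
    rules = []
    for i, d in enumerate(domains):
        rules.append(
            "alert dns $HOME_NET any -> any any "
            f'(msg:"XLOADER {campaign} decoy/C2 domain {d}"; '
            f'dns.query; content:"{d}"; nocase; isdataat:!1,relative; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


def build_ioc_bundle(config):
    """Flatten the config into a dict that can be fed to a TI platform."""
    valid, rejected = normalise_domains(config["decoy"])
    return {
        "family": config["family"],
        "version": config["version"],
        "campaign": config["campaign"],
        "domains": valid,
        "rejected": rejected,
        "note": "one of 'domains' is the live C2; the rest are decoys",
    }


if __name__ == "__main__":
    bundle = build_ioc_bundle(XLOADER_CONFIG)
    print(json.dumps(bundle, indent=2))
    print("\n".join(to_suricata_dns_rules(bundle["domains"], bundle["campaign"])))
```

The `isdataat:!1,relative` anchor makes each rule match the whole queried name rather than any name containing the string, which keeps a short decoy such as `tajc.club` from firing on unrelated subdomain lookups of other zones.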

Targets

    • Target

      Quotation.bin

    • Size

      1.1MB

    • MD5

      5caf99a5eb3975b435161de0b401b1b5

    • SHA1

      271249f641ecbcd5f17b21cd8500b78acb05b5d1

    • SHA256

      574d7449e38aa78b8c46331df27b3c429feb34e16e2ae36fdf9516af6c793754

    • SHA512

      b7dc01123ad31dbaafbc9aa62eb600356c70dcf71240ad1503e95ada96e198bfddebae68d280d498d15d7fab0cf26f182662a60d1216db9cc4a39adccd8bd754

    • SSDEEP

      24576:hfjT+bAaMd3REebAaMd3f0xDccnNiydYfwxbmv87AT16:J+AaMVRE2AaMVMxOyFKsAZ

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext
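The last two signatures are behavioural. "Suspicious use of SetThreadContext" is the classic process-hollowing tell: a child process is created suspended, its memory is overwritten, the main thread's context (and therefore its entry point) is replaced, and the thread is resumed. On its own the call is not malicious (debuggers use it), which is why the sandbox rates it "suspicious". "Deletes itself" is commonly implemented by spawning a shell that deletes the original image. The code below is an added example of how such checks can be run over an API-call trace; it is not tria.ge's signature engine, and the trace format, field names, process table and exact call sequence are constructed assumptions, not data from this report.

```python
"""Heuristics behind 'Suspicious use of SetThreadContext' and 'Deletes itself'
over a constructed API-call trace (added example, not sandbox code)."""
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess

# Constructed process table: pid -> image path of the process being analysed.
PROCESSES = {1000: r"C:\Users\user\Downloads\sample.exe"}

# Constructed trace. Assumption: the sandbox has already resolved handles to
# the pid/tid they refer to, as most behavioural logs do.
TRACE = [
    {"pid": 1000, "api": "CreateProcessW", "args": {
        "lpApplicationName": r"C:\Windows\System32\svchost.exe",
        "dwCreationFlags": CREATE_SUSPENDED, "dwProcessId": 1100, "dwThreadId": 1101}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 1100}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"hProcess": 1100, "nSize": 0x2A000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"hThread": 1101}},
    {"pid": 1000, "api": "ResumeThread", "args": {"hThread": 1101}},
    {"pid": 1000, "api": "CreateProcessW", "args": {
        "lpCommandLine": r'cmd.exe /c del "C:\Users\user\Downloads\sample.exe"',
        "dwCreationFlags": 0, "dwProcessId": 1200, "dwThreadId": 1201}},
]


def find_process_hollowing(trace):
    """Return [(parent_pid, child_pid)] for every child that was created
    suspended, written to, had its thread context replaced, and was resumed,
    in that order. A SetThreadContext without the surrounding steps is
    ignored, which keeps debugger-style usage out of the result."""
    state = {}  # (parent, child) -> progress through the sequence
    for ev in trace:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        if api.startswith("CreateProcess") and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            state[(pid, a["dwProcessId"])] = {
                "tid": a["dwThreadId"], "wrote": False, "ctx": False, "resumed": False}
            continue
        for (parent, child), s in state.items():
            if parent != pid:
                continue
            if api in ("WriteProcessMemory", "NtWriteVirtualMemory") and a.get("hProcess") == child:
                s["wrote"] = True
            elif api in ("SetThreadContext", "NtSetContextThread") and a.get("hThread") == s["tid"] and s["wrote"]:
                s["ctx"] = True
            elif api in ("ResumeThread", "NtResumeThread") and a.get("hThread") == s["tid"] and s["ctx"]:
                s["resumed"] = True
    return [key for key, s in state.items() if s["resumed"]]


_DEL_RE = re.compile(r"\b(del|erase)\b", re.IGNORECASE)


def find_self_delete(trace, processes):
    """Return [(pid, command_line)] where a process launched a shell command
    that deletes its own image. This is one common self-delete pattern, an
    assumption here; a fuller check would also cover DeleteFile and
    MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) on the own path."""
    hits = []
    for ev in trace:
        if not ev["api"].startswith("CreateProcess"):
            continue
        cmd = ev["args"].get("lpCommandLine", "")
        own = processes.get(ev["pid"])
        if own and _DEL_RE.search(cmd) and own.lower() in cmd.lower():
            hits.append((ev["pid"], cmd))
    return hits


if __name__ == "__main__":
    print("process hollowing:", find_process_hollowing(TRACE))
    print("self delete:", find_self_delete(TRACE, PROCESSES))
```

Requiring the full create-suspended, write, set-context, resume chain rather than the single API call is what separates this from a noisy "SetThreadContext seen" alert; the child pid and parent pid in the result are what you would pivot on when pulling the injected payload (here, the inner `Quotation.bin` stage the report lists) out of the hollowed process.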

MITRE ATT&CK Enterprise v15

Tasks