
General

  • Target: 3e79ed8b90a2e350bc4097d3c5cf7c3a4631d2fa21500377790b7ef79ae03fca
  • Size: 775KB
  • Sample: 241121-y48lya1ncl
  • MD5: 604f53a7bb3c0fe2169e438f300188f6
  • SHA1: d35e314bd9550f82457dd26097baebda006aef21
  • SHA256: 3e79ed8b90a2e350bc4097d3c5cf7c3a4631d2fa21500377790b7ef79ae03fca
  • SHA512: d5e47b49f6bf4af12d9164a2690714c30354278794a5f86414f302c3a15d5e6f629190c7f12475573edad6bbb07c6d8d4f1e6fd1bcce7194402de320f9a64c3e
  • SSDEEP: 12288:PvwLBMk5WzvkmOS7aS294CSAGlMqd1C7i69qpyr7bhYlKdAFsLYfivc9v:3wx5WrP7ddC3gMqdGiyqczhc1oYfie

Malware Config

Extracted

Family: xloader

Version: 2.5

Campaign: qr26

Decoy (the domain list from the extracted config; Formbook/Xloader hides its real C2 among unrelated decoy domains, so treat these as hunt indicators to corroborate, not as a confirmed C2 list):

libreriarenemoreno.com
searingrofivt.xyz
liveincare-online.com
nahda92.com
oki-net.com
onlinedelivery.biz
marianiartspace.online
wildeblum.biz
adelaideofficeinteriors.com
plickthepick.com
qhyingtu.com
enjoy2m.xyz
037yu.xyz
poseidonvips.com
intricatepainting.com
cwdestore.com
nordic-aesthetics.com
80cq926.top
arbiz.farm
yun183.xyz

Targets

    • Target: 7612746d01cffc33f8f613b57bf35822aad22277ca6c071efe990dadd2fbc853
    • Size: 886KB
    • MD5: f508abf920fbd52e54dba67bcfd561ba
    • SHA1: e4b6476bbb722f0c6513284d827b9290d6056489
    • SHA256: 7612746d01cffc33f8f613b57bf35822aad22277ca6c071efe990dadd2fbc853
    • SHA512: fcfb71e4745b40d5a0366295202bc1732578c38adb2ec605938ebb5fe06f4c9fa64e090a4d713453fed17bea3c3fe34f9342ee10c69b00ce9206fd4527c34ca3
    • SSDEEP: 24576:6qyd9G4LZ5fO7p9zgAAdsyyq4ZZsVoAc:8d9G4tA9gAAdsdq4HV/
    • Xloader: Xloader is a rebranded and continued version of the Formbook information stealer.
    • Xloader family
    • Xloader payload
    • Suspicious use of SetThreadContext (a common process-injection primitive: the sample writes a new thread context into a suspended process before resuming it)
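The report gives two things an analyst acts on: file hashes to confirm a held sample is the one analysed, and a config domain list to hunt for in DNS telemetry. The following is an added example (not tria.ge code and not part of the original report) that does both. It assumes a simple constructed DNS log format of `<ts> <host> query=<name> rcode=<code>`; the log lines and the stand-in sample bytes are constructed for illustration. Domain matching is label-aware, so `notarbiz.farm` does not match the config entry `arbiz.farm` while `www.libreriarenemoreno.com` does match `libreriarenemoreno.com`.

```python
import hashlib
import re

# Digests copied from the tria.ge report (the 775KB and 886KB files it lists).
REPORT_HASHES = {
    "775KB": {
        "md5": "604f53a7bb3c0fe2169e438f300188f6",
        "sha1": "d35e314bd9550f82457dd26097baebda006aef21",
        "sha256": "3e79ed8b90a2e350bc4097d3c5cf7c3a4631d2fa21500377790b7ef79ae03fca",
        "sha512": "d5e47b49f6bf4af12d9164a2690714c30354278794a5f86414f302c3a15d5e6f"
                  "629190c7f12475573edad6bbb07c6d8d4f1e6fd1bcce7194402de320f9a64c3e",
    },
    "886KB": {
        "md5": "f508abf920fbd52e54dba67bcfd561ba",
        "sha1": "e4b6476bbb722f0c6513284d827b9290d6056489",
        "sha256": "7612746d01cffc33f8f613b57bf35822aad22277ca6c071efe990dadd2fbc853",
        "sha512": "fcfb71e4745b40d5a0366295202bc1732578c38adb2ec605938ebb5fe06f4c9f"
                  "a64e090a4d713453fed17bea3c3fe34f9342ee10c69b00ce9206fd4527c34ca3",
    },
}

# Decoy/C2 domain list from the extracted Xloader config above.
DECOY_DOMAINS = [
    "libreriarenemoreno.com", "searingrofivt.xyz", "liveincare-online.com", "nahda92.com",
    "oki-net.com", "onlinedelivery.biz", "marianiartspace.online", "wildeblum.biz",
    "adelaideofficeinteriors.com", "plickthepick.com", "qhyingtu.com", "enjoy2m.xyz",
    "037yu.xyz", "poseidonvips.com", "intricatepainting.com", "cwdestore.com",
    "nordic-aesthetics.com", "80cq926.top", "arbiz.farm", "yun183.xyz",
]

# Constructed stand-in bytes; NOT the real sample, so it will not match REPORT_HASHES.
SAMPLE_BYTES = b"MZ" + b"\x90" * 64 + b"constructed stand-in for the analysed file"

# Constructed DNS log lines in the assumed "<ts> <host> query=<name> rcode=<code>" format.
SAMPLE_DNS_LOG = [
    "2024-11-21T10:01:02Z ws-0412 query=www.libreriarenemoreno.com rcode=NOERROR",
    "2024-11-21T10:01:09Z ws-0412 query=update.microsoft.com rcode=NOERROR",
    "2024-11-21T10:02:15Z ws-0733 query=ENJOY2M.XYZ. rcode=NXDOMAIN",
    "2024-11-21T10:03:44Z ws-0901 query=notarbiz.farm rcode=NOERROR",
    "malformed line that the parser skips",
]

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+query=(?P<qname>\S+)\s+rcode=(?P<rcode>\S+)$"
)


def digests(data: bytes) -> dict:
    """Compute the four digests tria.ge reports for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Return {alg: bool} per expected digest. Comparison is case-insensitive and a
    malformed expected value (wrong hex length for the algorithm) is reported False."""
    actual = digests(data)
    result = {}
    for alg, want in expected.items():
        want = want.strip().lower()
        result[alg] = alg in actual and len(want) == len(actual[alg]) and want == actual[alg]
    return result


def config_domain_for(qname: str, domains=DECOY_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None.
    Normalises case and a trailing dot; requires a label boundary, not a bare suffix."""
    q = qname.lower().rstrip(".")
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def match_dns_logs(lines, domains=DECOY_DOMAINS):
    """Parse log lines and return (ts, host, qname, matched_config_domain) for each hit."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines not in the assumed format
        d = config_domain_for(m["qname"], domains)
        if d:
            hits.append((m["ts"], m["host"], m["qname"], d))
    return hits


if __name__ == "__main__":
    print("held bytes match 775KB report hashes:", verify_hashes(SAMPLE_BYTES, REPORT_HASHES["775KB"]))
    for ts, host, qname, d in match_dns_logs(SAMPLE_DNS_LOG):
        print(f"{ts} {host} resolved {qname} (config domain {d}); corroborate before treating as C2")
```

A hit only means a host resolved a domain from this sample's config; because the list deliberately mixes decoys with the real C2, pair each hit with process or network evidence (for example the SetThreadContext-based injection the report flags) before calling it a confirmed beacon.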

MITRE ATT&CK Enterprise v15

Tasks