General

  • Target

    07bfab28b65a059dcb96c7ee7b0d3d66ab533049c7a537ce902665720bb47249

  • Size

    204KB

  • Sample

    241121-yme83azpen

  • MD5

    38f465924299f11447930a236933eceb

  • SHA1

    c85474277c43c25719e76ffd8778b18e3c479dd7

  • SHA256

    07bfab28b65a059dcb96c7ee7b0d3d66ab533049c7a537ce902665720bb47249

  • SHA512

    950b841e42e541eac794d9f845e072c46507be9b0a00e1b6297124ac43c80954ff1671314c130442d5ea2ae910c305adabf734dc8454b5540926ca383d1af8af

  • SSDEEP

    3072:db60u4NKg+27UGMcH7fdaqRBsFte38g1HLCyfDcEiTyoPOTfqa:db6n4N3BUI7BsFte38g1rfcELp

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.3

  • Campaign

    pb93

  • Decoy

    covidlawyersnj.com
    zhgxzdh.com
    mydomainaccounts.com
    uniq.plus
    snehapoorvam.com
    anj-tradingltd.com
    orderinglogin.com
    1660688.com
    cazconstructionservices.com
    yildizwestern.com
    futchampionz.com
    starbritesmiles.com
    viralxch.com
    bandmanwiththeheadband.com
    teachertechia.net
    provenfitness.club
    regentpublicity.net
    meghaminz.com
    mysuperdrink.com
    redtomatoes.club

Targets

    • Target

      92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd

    • Size

      216KB

    • MD5

      d3e4488ee4f30b87b4ff5aa8d517f526

    • SHA1

      1113830356c3c941f5e7cbbb6e546b2d1401ced0

    • SHA256

      92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd

    • SHA512

      d6a06dab2949b18b928d91ff226c86bc4b2a2963f595a2db4a00c02fce71a46e8e98bdfc4e1d4d7b2f77e2526eef320f25d786bc2f699f1f732992634e25d100

    • SSDEEP

      6144:gsu5HeyqxoIzX9ZP9GlA4DgIuuZyQXTxWXrI:25QiIztvGUIzyQmI

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    Score
    3/10
    • Target

      $_2_/pinguino-uninstall.exe

    • Size

      33KB

    • MD5

      2c1e33a40e471bc65c770106213e194a

    • SHA1

      b74f3a5a485c3bc289e9301f9da8a798c2ea096c

    • SHA256

      6c5934471282e97be87ef28c948ba2481e015a0df5194315d83c2bfc8035760c

    • SHA512

      4cf1cb9ab0bb9a81464de91f9d3e379d3550b47baad791ceb9c52a877a5d4ec8c8e4e430a44da5f9a4f119d02904f99ada8914ba06356cb73b1f7ce185423a4b

    • SSDEEP

      768:AV1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJqJRn+xo:gQpQ5EP0ijnRTXJ/xo

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
