General

  • Target

    d05f54ffa289cf6eb2fd3f34ad3efc5d6dcd9c8bc305edac5cb4738bde1852a9

  • Size

    383KB

  • Sample

    241121-ysymlawmdw

  • MD5

    26f8f90913ddb1c295931a8471a3a6fe

  • SHA1

    7745d789dd5f4ba545f0f5b915e420636bdf990b

  • SHA256

    d05f54ffa289cf6eb2fd3f34ad3efc5d6dcd9c8bc305edac5cb4738bde1852a9

  • SHA512

    fa013065d1e57e1c3852b7adbf22d3c2847e3e17fe2f71a901bd3c50ba7b6bc333b5b6931f9e65fd1d3e79da24372dc322008ffed61d1ea2069eddee3ba675b8

  • SSDEEP

    6144:qUxb5ai286LZbxYu9OydEioJLbiWFN3RhvVr5+5PcAYcEemehCITfwbPsHSxc6Ul:zxk/vxYuUyui4+WFNBFVdmPBqJjIzwby

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

xfts

Decoy


Targets

    • Target

      SHIPPING DOC CICOOPLBL.bin

    • Size

      471KB

    • MD5

      73eb22341ce8fcc60593432d2d37c872

    • SHA1

      9aad11376e92a7b87ae2296e1c146ef88e2b3e15

    • SHA256

      985c930f9f983d8ec93977335ebff73b477d7aaa678c163be58714525fb9f273

    • SHA512

      d8735d3a85a992a5e14fcfc4fa6df9b2eed7039c118cfb6536e1242b9b995b1924b97d1ad16b7f90dd692d0d06f1f262fb0828e45558d8d4ce73bc89ff72911e

    • SSDEEP

      6144:g34P86jIlgv5aK9rj5vVFfAb04v+M4/Vf9fkhqx4YYAdCSjtDU/5hL5WwHPc+nfe:eYd9rjB14v4//f13RcatDAL5Wwv9f6u

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks