General
Target: d05f54ffa289cf6eb2fd3f34ad3efc5d6dcd9c8bc305edac5cb4738bde1852a9
Size: 383KB
Sample: 241121-ysymlawmdw
MD5: 26f8f90913ddb1c295931a8471a3a6fe
SHA1: 7745d789dd5f4ba545f0f5b915e420636bdf990b
SHA256: d05f54ffa289cf6eb2fd3f34ad3efc5d6dcd9c8bc305edac5cb4738bde1852a9
SHA512: fa013065d1e57e1c3852b7adbf22d3c2847e3e17fe2f71a901bd3c50ba7b6bc333b5b6931f9e65fd1d3e79da24372dc322008ffed61d1ea2069eddee3ba675b8
SSDEEP: 6144:qUxb5ai286LZbxYu9OydEioJLbiWFN3RhvVr5+5PcAYcEemehCITfwbPsHSxc6Ul:zxk/vxYuUyui4+WFNBFVdmPBqJjIzwby
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING DOC CICOOPLBL.exe
Resource: win7-20241010-en
Malware Config
Extracted
xloader
2.3
xfts
Targets
Target: SHIPPING DOC CICOOPLBL.bin
Size: 471KB
MD5: 73eb22341ce8fcc60593432d2d37c872
SHA1: 9aad11376e92a7b87ae2296e1c146ef88e2b3e15
SHA256: 985c930f9f983d8ec93977335ebff73b477d7aaa678c163be58714525fb9f273
SHA512: d8735d3a85a992a5e14fcfc4fa6df9b2eed7039c118cfb6536e1242b9b995b1924b97d1ad16b7f90dd692d0d06f1f262fb0828e45558d8d4ce73bc89ff72911e
SSDEEP: 6144:g34P86jIlgv5aK9rj5vVFfAb04v+M4/Vf9fkhqx4YYAdCSjtDU/5hL5WwHPc+nfe:eYd9rjB14v4//f13RcatDAL5Wwv9f6u
Xloader family
Xloader payload
Blocklisted process makes network request
Deletes itself
Suspicious use of SetThreadContext