General

  • Target

    sddp-17.2.3-setup.exe

  • Size

    155.0MB

  • Sample

    230421-t6gh1sgh29

  • MD5

    cd8dfaef662e9516e39cad0c0500ce02

  • SHA1

    23a7ae69bb06948b906ce225f6af51306696432d

  • SHA256

    fb6a40f06d1fd02e4425b4a965d5a0da959997faca162e5bc4c62002c7d3977e

  • SHA512

    dc641ea5214b5dd31cb7230bdac3a22294ad25873ffbf33b7ac5a2ef6d656e7ecf45082126c9176e68abaebc2e113c6fd1b4ebe78565671256a979a75d5d8f64

  • SSDEEP

    3145728:zJSY+WE3GC9VfddaufCM2mwztxcOPfXKgo++SzRR8Op/K9oJWT5E+N:zJSBlVr42ChmItxtfXKgr+SlR8Op/6TN

Targets

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory
