General
Target: 740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759(1)
Size: 315KB
Sample: 231003-rpexrabe4z
MD5: 754a0ca3356a8f76909cd9c5c41234d5
SHA1: c3d9d52316b071f0db5ca9cd6999bfc06141795b
SHA256: 740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759
SHA512: d1fdc37b367dd2dba4cb75021299c12c22064b40d48ba6250568727b565e73c7bbe03691bb0b288dc0b588679d6d9408bf7ff7bb60a69b26e41cf69c4c78fbe5
SSDEEP: 6144:K3B4ZXBhCirEL5BH46Zk16P9R8G1jqJ6TVKSK:K3BghvrELPH46ZAKjoQES
Static task: static1
Behavioral task: behavioral1
Sample: 740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759(1).exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 740253f7075ea5e09021a78ff868d9c90931210aa12e2da91b60f1ea7380f759(1).exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
xworm
5.0
brightle.ddns.net:7000
jaSa0S2QQOuGarf8
install_file: USB.exe
Targets
Score: 10/10
Detect Xworm Payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext