General
Target: bLYU.exe
Size: 56KB
Sample: 231006-wf3pnsgh35
MD5: 99ac1041885d76a382b9a79e8c6cfe81
SHA1: 1e32ee6a17e9526d41832177ed2d765fac9b8753
SHA256: 001e2be0b431a33fbc7d0eb1fabd07d5c1cdba26ebef12e85b2a7ba58bdd995c
SHA512: 55158c15a94735bf2ad80d70ce255c55d5a08749ae0596229f7e27878a22add8c191d8e69c866f6d98270b3332ee8c3cde60ee7cfdc502dcd38c74fe844ce754
SSDEEP: 768:cFhVBuPWuUzEbOszEaN9B+7Bpe3GnAZQgS1m2LRRqsEbGlYFer7wiJncDqjP619s:nbOsQzBQ3GQQZ1TffEbGyC7wkn2O7nV
Behavioral task: behavioral1
Sample: bLYU.exe
Resource: win7-20230831-en
Malware Config
Extracted
xworm
3.0
18.231.156.119:7000
install_file: USB.exe
Targets
Target: bLYU.exe
Detect Xworm Payload
Drops startup file
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.