General

  • Target

    bLYU.exe

  • Size

    56KB

  • Sample

    231006-wf3pnsgh35

  • MD5

    99ac1041885d76a382b9a79e8c6cfe81

  • SHA1

    1e32ee6a17e9526d41832177ed2d765fac9b8753

  • SHA256

    001e2be0b431a33fbc7d0eb1fabd07d5c1cdba26ebef12e85b2a7ba58bdd995c

  • SHA512

    55158c15a94735bf2ad80d70ce255c55d5a08749ae0596229f7e27878a22add8c191d8e69c866f6d98270b3332ee8c3cde60ee7cfdc502dcd38c74fe844ce754

  • SSDEEP

    768:cFhVBuPWuUzEbOszEaN9B+7Bpe3GnAZQgS1m2LRRqsEbGlYFer7wiJncDqjP619s:nbOsQzBQ3GQQZ1TffEbGyC7wkn2O7nV

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.0

C2

18.231.156.119:7000

Attributes
  • install_file

    USB.exe

Targets

    • Target

      bLYU.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks