Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SteamSetup.exe
-
Size
7.6MB
-
Sample
231011-fwfxvade63
-
MD5
e9e90acb743b53007dc1b7908cadec37
-
SHA1
c396df39ae540bd589802d17bbc5382740f4d861
-
SHA256
e6234adc4009f934481d9138b131bf9567514c8384851a5d6e7f0c1fc96cb07b
-
SHA512
dfc447434af9f7051587a20cc523236ffd2bcbea638173912f3bf898f90007315c446390ef7ac83b3b1dcfdb4b6cca76a8c7ba4c2ef15b1b60f06bfd77492123
-
SSDEEP
196608:1l7x31wnc72nlUrZADXfphNBbXtVWrLXQr9lba:R31wnc6mAbfpVfWgDa
Malware Config
Targets
-
-
Target
SteamSetup.exe
-
Size
7.6MB
-
MD5
e9e90acb743b53007dc1b7908cadec37
-
SHA1
c396df39ae540bd589802d17bbc5382740f4d861
-
SHA256
e6234adc4009f934481d9138b131bf9567514c8384851a5d6e7f0c1fc96cb07b
-
SHA512
dfc447434af9f7051587a20cc523236ffd2bcbea638173912f3bf898f90007315c446390ef7ac83b3b1dcfdb4b6cca76a8c7ba4c2ef15b1b60f06bfd77492123
-
SSDEEP
196608:1l7x31wnc72nlUrZADXfphNBbXtVWrLXQr9lba:R31wnc6mAbfpVfWgDa
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-