General

  • Target

    10265ef7d6568a1b67cd65013ecc2bb5bf98b11b8186a5f13f432da0c69613b6_JC.exe

  • Size

    296KB

  • Sample

    231011-njs1msbg4y

  • MD5

    5fac40a82226f46504aef22f79233ad7

  • SHA1

    c4035a3190fa59840aad19156711c63199d9812e

  • SHA256

    10265ef7d6568a1b67cd65013ecc2bb5bf98b11b8186a5f13f432da0c69613b6

  • SHA512

    b0fa9ea2dabf45aff55c45499489f2c7a414815664532d0d4579c94f78fe9feb8e5175f49c31e3a6d35694c99911cb6b1dfcf4b49da27ee9d17fe5cba3aa958b

  • SSDEEP

    3072:uCmy2JV7y4nWfFCPP/7SQDADn1qlOJqrC96hJSIqdsITzauJ4iTJOrDqK+kLQJ5S:uy1faP/DAD1zB9ySIYzauE9+k

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

xwormfresh.duckdns.org:7002

Mutex

Ytep6ubSVJFcAJf5

Attributes
  • install_file

    USB.exe

  • aes.plain

Targets

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks