General

  • Target

    payload.zip

  • Size

    519KB

  • Sample

    231013-dgs8hsde72

  • MD5

    14711210c0f7e1bd9af1f8dcf1c41f35

  • SHA1

    4a48a0793671a0ad805b336e0e83268432f34d06

  • SHA256

    30e9d6da81c87ab58d9575188664de49b2c434f6b1346a2a5033b49992254464

  • SHA512

    1e684a6edff2bc87dfa6d2b66c50c9f5f5951a98c0ec39e89874347d4e2b0d26487441c4a163ca1d1b5a0633235e40dab1ac2876f326d291262869ad9f428fa7

  • SSDEEP

    3072:gqaeEOk3gWdflsgC72aemzez6mTTEQOPM5TfL+E9waiWdsokN1cx24dG4mmjyVcT:gkBQgWp3emTuPqCESIdsfPcxLJ5xRsTm

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

mikexwormxxxyy.ddns.net:7000

Mutex

ir1SigksGA3TjceN

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      payload.dll

    • Size

      300.0MB

    • MD5

      3ba404b551a241dfb984735c87622741

    • SHA1

      1b2a4cbdacf4f33c8f863d557744bb18ba8485f6

    • SHA256

      b4717d4c65dc8d69d33ac0dc7d3f7608637a420cd3454f4eec0a2238d83327d4

    • SHA512

      3ec6d0ab748c0920d42def7e722847fefc6466142f8221589d14111311726ceb015f0ef60bb4bc8b086f5e6cd5073e6c8a2fb4f8dd8003121c5216a944430b21

    • SSDEEP

      6144:iA+z1A+PNVjAyk6GEmmF/aKCH+MuzMy4:mAGkbFt+

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
