General

  • Target

    XClient(2).exe

  • Size

    39KB

  • Sample

    231021-s83ctsfd8v

  • MD5

    d7b4762c5762acf9e2f81bab771a83de

  • SHA1

    cf3ee942c13aafb720013ca208fcb27777cc1f83

  • SHA256

    5dc20ed9d6ac1625289cf844fa7b333f39468610e9400a87801e62150477269b

  • SHA512

    6b21f7b64387e450baf3425e7a378000920c412621cb4add8979e2c018410ea853d068c75d26ecddbaa75987a6972f2e148b686f18d60ce425fc28dbee011b7d

  • SSDEEP

    768:ae8A4X7P7DHAKPCt/kXE8UjF5Ph9C2B6FOwhaICBHCgc+:BQXXMB1wtUFD9VB6FOwjMiI

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.0

C2

reference-tokyo.at.ply.gg:3329

Mutex

MCeJ4wdHznLtXEja

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      XClient(2).exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
