General
-
Target
XClient.exe
-
Size
53KB
-
Sample
231022-m8bbfshe97
-
MD5
eaaac4a17b21194048d0f564418354eb
-
SHA1
cf80a897ef1c3ce5ee96c4a76361fa393b0377e3
-
SHA256
d5070e263784d46bf63ef95bb678f6fc52677e8f80aabdd731fc4962d3d11853
-
SHA512
ae87e9fda5144e362162700f46dbacd26ffda4743d006c20dd6c0b662ef1a9cba055d9e7c743d8d7faae5e38b4a7ca9913ca4cccc69bb09ef7e51e115ecd7ff4
-
SSDEEP
1536:F4DwCp5o8ExxcGF69Wu6ZOCV2qV64fUX8u:F4DwKaTxmGF69WZOCTVhcX8u
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
xworm
5.0
goheg99417-59409.portmap.host:59409
cHm9d6xtfIRWUS7Z
-
Install_directory
%Userprofile%
-
install_file
XClient.exe
Targets
-
Target
XClient.exe
-
Score
10/10
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-