Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
33f4da54d0818b1057088933aa143d64.bin
-
Size
42KB
-
Sample
231121-bstmbaca5v
-
MD5
33f4da54d0818b1057088933aa143d64
-
SHA1
9735288f7295d46685425eb3563fe8400dd9531a
-
SHA256
774f2a3f0d583501835a717a03f508ada182181d4c4ccb374ce07de72187fd7f
-
SHA512
0a04c1b3e69060a95848b6e1006bbb84301edd5390ca35c00127dce05f55c2045f4b18a347fa0311ed4c5f2f524dcdc415eeda698d26feac742dd1c6e48d9a37
-
SSDEEP
768:YTts7oAqUs54ZFLterXT+2n4KXAAZFEPh9/qYOChHvk2BYLfgQ:keHY4jsrTTX9Fw9/qYOC2Q+7
Behavioral task
behavioral1
Sample
33f4da54d0818b1057088933aa143d64.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
33f4da54d0818b1057088933aa143d64.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
xworm
3.1
2.tcp.eu.ngrok.io:19217
tPbnBtGFRRkRqaeq
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
33f4da54d0818b1057088933aa143d64.bin
-
Size
42KB
-
MD5
33f4da54d0818b1057088933aa143d64
-
SHA1
9735288f7295d46685425eb3563fe8400dd9531a
-
SHA256
774f2a3f0d583501835a717a03f508ada182181d4c4ccb374ce07de72187fd7f
-
SHA512
0a04c1b3e69060a95848b6e1006bbb84301edd5390ca35c00127dce05f55c2045f4b18a347fa0311ed4c5f2f524dcdc415eeda698d26feac742dd1c6e48d9a37
-
SSDEEP
768:YTts7oAqUs54ZFLterXT+2n4KXAAZFEPh9/qYOChHvk2BYLfgQ:keHY4jsrTTX9Fw9/qYOC2Q+7
Score10/10-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-