Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Captura.PNG

  • Size

    5KB

  • Sample

    231207-3gbe5sgb58

  • MD5

    34f29d29c7d0414604eb4828fdc599fc

  • SHA1

    18560eb4061e00bfc21c2cc2561b1721a126bbe1

  • SHA256

    0b93fd8f66072d586f07f21dfb6ced11e56f699ba3d860d42e91ae1cfea4d3c9

  • SHA512

    14ae72fe6b69a2802e3fa60bf2bcf71179f6b20b649e265e70bc3a62fb6da42ce89ff9d20f5d604e71ab37ff29fe6ce9cb56556b01513c755a59ae9cb7255ebf

  • SSDEEP

    96:pK0W4pDkqkJbt/nLHoO0rysgsUWk0d3AT958/H3RnyW24Lndw/2RNDsiYwE919Fn:XW4pYqct/LHoO0rysNUWkJ9585UJANDi

Malware Config

Extracted

Family

xworm

C2

owner-cc.gl.at.ply.gg:32281

Attributes
  • Install_directory

    %AppData%

  • install_file

    WindowsSoundSystem.exe

Targets

    • Target

      Captura.PNG

    • Size

      5KB

    • MD5

      34f29d29c7d0414604eb4828fdc599fc

    • SHA1

      18560eb4061e00bfc21c2cc2561b1721a126bbe1

    • SHA256

      0b93fd8f66072d586f07f21dfb6ced11e56f699ba3d860d42e91ae1cfea4d3c9

    • SHA512

      14ae72fe6b69a2802e3fa60bf2bcf71179f6b20b649e265e70bc3a62fb6da42ce89ff9d20f5d604e71ab37ff29fe6ce9cb56556b01513c755a59ae9cb7255ebf

    • SSDEEP

      96:pK0W4pDkqkJbt/nLHoO0rysgsUWk0d3AT958/H3RnyW24Lndw/2RNDsiYwE919Fn:XW4pYqct/LHoO0rysNUWkJ9585UJANDi

    • Detect Umbral payload

    • Detect Xworm Payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks