General
Target: Captura.PNG
Size: 5KB
Sample: 231207-3gbe5sgb58
MD5: 34f29d29c7d0414604eb4828fdc599fc
SHA1: 18560eb4061e00bfc21c2cc2561b1721a126bbe1
SHA256: 0b93fd8f66072d586f07f21dfb6ced11e56f699ba3d860d42e91ae1cfea4d3c9
SHA512: 14ae72fe6b69a2802e3fa60bf2bcf71179f6b20b649e265e70bc3a62fb6da42ce89ff9d20f5d604e71ab37ff29fe6ce9cb56556b01513c755a59ae9cb7255ebf
SSDEEP: 96:pK0W4pDkqkJbt/nLHoO0rysgsUWk0d3AT958/H3RnyW24Lndw/2RNDsiYwE919Fn:XW4pYqct/LHoO0rysNUWkJ9585UJANDi
Static task
static1
Malware Config
Extracted
xworm
owner-cc.gl.at.ply.gg:32281
Install_directory: %AppData%
install_file: WindowsSoundSystem.exe
Targets
Target: Captura.PNG
- Detect Umbral payload
- Detect Xworm Payload
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.