General
Target: byfron_bypass.exe
Size: 18KB
Sample: 231208-aph6qsgc68
MD5: 5bd350bc71289dbd7c51db52c088870d
SHA1: 2f5ea7492c82f84c2e1c7731fe761f9ec6999e2a
SHA256: 2220cf943e357754b35ea78fc1b0ec8801130409dc0e5c49854957f140dd2852
SHA512: dab49aac7c7b03b92e4bef6022ff7beb00ed2b30313f4d5b9e5789434058a7c21d3065f0f2a6ddaf3be1e8790241fb0a36ef5e888f6a4cbd7478cde4df83c3c6
SSDEEP: 384:GdCbT8Fa1Tu4nX19ZDkOJtLgwrbj8qL2wNoFmqOk7o9:9dFXDkO3gwr9LS7o9
Static task: static1
Malware Config
Extracted (umbral): https://discord.com/api/webhooks/1182449804958248970/DRF0ya2e3evg84K0Bvj6KDwl3i7xtSWZ3g0gIs0o-TUVRK-JP1st19-yHi5V8uo23sfe
Extracted (xworm): owner-cc.gl.at.ply.gg:32281
Install_directory: %AppData%
install_file: WindowsSoundSystem.exe
Targets
Target: byfron_bypass.exe (18KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detect Umbral payload
- Detect Xworm Payload
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.