Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

3f4351c659...97.exe

windows7-x64

10

3f4351c659...97.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f4351c659701ecbc9165d8a0cbdbc97.bin

  • Size

    55KB

  • Sample

    240220-b5y3kahe79

  • MD5

    3f4351c659701ecbc9165d8a0cbdbc97

  • SHA1

    2aa971037201e78b5b2f36432eeffaf4d0586256

  • SHA256

    bdb75df709e35babd74de16668d5d4fbd458d6d21c9adccc5ee72bb9d9f76746

  • SHA512

    972c96d9dd5384e71df9e9e5a4fb3b9bf345b8a9e8df6ac7a9d8a52e287dc7167a447d690a75f48228cabc8d1a34504abd5bd10bd2c79dbfa30776babf4e260b

  • SSDEEP

    1536:NlLhOi/dkCOHVWkNfx3nKn4yYWRhuyOOVPH:ffcWOfx1WRhuyOOVPH

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

amazonshipping.duckdns.org:7000

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    MSBuild.exe

Targets

    • Target

      3f4351c659701ecbc9165d8a0cbdbc97.bin

    • Size

      55KB

    • MD5

      3f4351c659701ecbc9165d8a0cbdbc97

    • SHA1

      2aa971037201e78b5b2f36432eeffaf4d0586256

    • SHA256

      bdb75df709e35babd74de16668d5d4fbd458d6d21c9adccc5ee72bb9d9f76746

    • SHA512

      972c96d9dd5384e71df9e9e5a4fb3b9bf345b8a9e8df6ac7a9d8a52e287dc7167a447d690a75f48228cabc8d1a34504abd5bd10bd2c79dbfa30776babf4e260b

    • SSDEEP

      1536:NlLhOi/dkCOHVWkNfx3nKn4yYWRhuyOOVPH:ffcWOfx1WRhuyOOVPH

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks