General

  • Target: xcmd_beta.exe
  • Size: 12.0MB
  • Sample: 240221-naagyaec7z
  • MD5: a7f6ac81005d3e507607fceec84172c2
  • SHA1: 9a4cadbc83011d334dda40a68dabf18677715827
  • SHA256: 353d15184f93934d829210b52bb1392751527205481f7ba8178ca4ba7b7b95dd
  • SHA512: 953cd68bb37cf4131c2be2d81674dcf801f652a5ebb35b059df04123c906aecaf36da8724ea29b3e26cad60c16da211d9e8ca3be74917fefa2a301e4e0b94ec4
  • SSDEEP: 196608:Z6Y2aQQ3l+DfyGwcVNQOVfW21X5Sp6GemDMPwuWuS9rSSgtVnKAihAie4iVx:EY2aQVDfD/zBlpfaMPDS9rGkNiVx

Score
8/10

Malware Config

Targets

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks