General

  • Target

    rsht5tnjrym.exe

  • Size

    55KB

  • Sample

    240224-1fnmzafb22

  • MD5

    0fa53d14194aef9688ed160ed379af46

  • SHA1

    9b8106d23cb02e8e0592bbe16b26583552509c9d

  • SHA256

    153d02c6e6df5dfa39291f0d1ff049f6ff523c4f1328dc1663ff5eefbddf69cb

  • SHA512

    575767a2edb1d709b544b46ada6bde1d27b433c1eca921c59ccfdf4598b4124e2eac50b39b5359c7ca075d7d2cd505573d8ed18c5641f3756b1405f52a068e5b

  • SSDEEP

    1536:QT/JFTbei0RcAIEKZkbpd5dqdy961SOOgSVKXgNl:erARcADKZkbL5rqOgSKgN

Score
10/10

Malware Config

Extracted

Family

xworm

C2

funut-24924.portmap.io:19312

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Targets

    • Target

      rsht5tnjrym.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

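The extracted config (C2 host and port, install directory and file name) and the behavioural signatures above are the material a responder would turn into hunt rules. The script below is an added example, not part of the tria.ge report or of XWorm itself: it derives path, DNS and connection rules from the config and runs them over a few constructed telemetry records. It generalises slightly beyond the report: the install path rule matches any user profile rather than one hard-coded path, and connections to other subdomains of the same forwarding provider are flagged at lower confidence. The telemetry field names are an assumed, simplified EDR schema, not any vendor's format, and the registry key used for the location check (HKCU\Control Panel\International) is an assumption about what the "Checks computer location settings" signature fires on.

```python
"""Added example, not part of the tria.ge report or of XWorm itself: turn the
extracted config above into hunt rules and run them over constructed telemetry.
TELEMETRY uses an assumed, simplified EDR schema, not a real vendor format; the
registry key for the location check is an assumption about what the
"Checks computer location settings" signature fires on."""
import re

# Copied from the report's "Malware Config" section.
XWORM_CONFIG = {
    "c2_host": "funut-24924.portmap.io",
    "c2_port": 19312,
    "install_directory": "%AppData%",
    "install_file": "XClient.exe",
}

# Regex fragments for where the usual profile variables resolve on Windows,
# so one rule covers every user profile rather than one hard-coded path.
ENV_PATTERNS = {
    "%appdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\roaming",
    "%localappdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\local",
    "%temp%": r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp",
}
# The per-user Startup folder lives under %AppData%; the report says the sample
# drops a startup file but not its name, so any file created there is flagged.
STARTUP_RE = re.compile(
    ENV_PATTERNS["%appdata%"]
    + r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+$",
    re.IGNORECASE,
)
# Windows keeps the configured country/locale under this key (assumed target
# of the location-settings lookup; only visible if the sensor logs reads).
LOCATION_KEY_PREFIX = r"hkcu\control panel\international"


def install_path_regex(cfg: dict) -> "re.Pattern":
    """Regex for <install_directory>\\<install_file> across any user profile."""
    directory = ENV_PATTERNS[cfg["install_directory"].lower()]
    return re.compile(directory + r"\\" + re.escape(cfg["install_file"]) + "$",
                      re.IGNORECASE)


def match_record(cfg: dict, rec: dict) -> list:
    """Return the names of every rule the telemetry record satisfies."""
    hits = []
    kind = rec.get("type")
    if kind == "file_create":
        path = rec["path"]
        if install_path_regex(cfg).search(path):
            hits.append("xworm_install_path")
        if STARTUP_RE.search(path):
            hits.append("startup_file_dropped")
    elif kind == "dns_query":
        if rec["query"].lower() == cfg["c2_host"].lower():
            hits.append("c2_dns_lookup")
    elif kind == "net_connect":
        host = rec["dst_host"].lower()
        if host == cfg["c2_host"].lower() and rec["dst_port"] == cfg["c2_port"]:
            hits.append("c2_connect")
        elif host.endswith("." + ".".join(cfg["c2_host"].split(".")[-2:])):
            # Same forwarding provider as the C2 (here portmap.io), different
            # subdomain: a weaker signal, worth a look rather than a block.
            hits.append("c2_provider_domain")
    elif kind == "reg_read":
        if rec["key"].lower().startswith(LOCATION_KEY_PREFIX):
            hits.append("location_settings_lookup")
    return hits


def hunt(cfg: dict, records: list) -> list:
    """(record index, rule name) for every rule hit, in telemetry order."""
    return [(i, rule)
            for i, rec in enumerate(records)
            for rule in match_record(cfg, rec)]


# Constructed telemetry: the sample's artefacts mixed with benign events.
TELEMETRY = [
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\XClient.exe"},
    {"type": "file_create",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk"},
    {"type": "reg_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "dns_query", "query": "funut-24924.portmap.io"},
    {"type": "net_connect", "dst_host": "funut-24924.portmap.io", "dst_port": 19312},
    {"type": "net_connect", "dst_host": "other-1234.portmap.io", "dst_port": 8080},
    {"type": "file_create", "path": r"C:\Program Files\Vendor\Client.exe"},
    {"type": "dns_query", "query": "update.vendor.example"},
]

if __name__ == "__main__":
    for idx, rule in hunt(XWORM_CONFIG, TELEMETRY):
        print(f"record {idx}: {rule}")
```

The C2 is a portmap.io forwarding hostname, so the IP it resolves to is the provider's, not the operator's, and can change; hunt and block on the hostname and port pair rather than on a resolved address. The Startup-folder rule deliberately ignores the file name, because the report only states that a startup file is dropped.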