Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
957c5e7b601625607156472922c42f71
-
Size
27KB
-
Sample
240224-k8lfbafe65
-
MD5
957c5e7b601625607156472922c42f71
-
SHA1
f20f5276a82b7031158fc258a2d2515ce768a638
-
SHA256
182465409ee5ab38edef02790d344e9d20e164b383200e5813a147236dd707b0
-
SHA512
9f93d0fc1f1acc0811f317387e1ccabe2c22591bf491e7b80cecd56cccb75dd2c40731439b20d36cd850fd7c1c2c4d27f9b99f56f7f8711e9e4749a73a3e861e
-
SSDEEP
384:S2KxgWJU2F9b6INSiizVy5ADXtysKPnWH5Wf7/D1IDBRJJSrxGw6lx87Pr:22WbrzNRD5QVKMOI1PmkEr
Static task
static1
Behavioral task
behavioral1
Sample
957c5e7b601625607156472922c42f71.exe
Resource
win7-20240221-en
Malware Config
Extracted
xworm
3.1
gamemodz.duckdns.org:7000
-
install_file
USB.exe
Targets
-
-
Target
957c5e7b601625607156472922c42f71
-
Size
27KB
-
MD5
957c5e7b601625607156472922c42f71
-
SHA1
f20f5276a82b7031158fc258a2d2515ce768a638
-
SHA256
182465409ee5ab38edef02790d344e9d20e164b383200e5813a147236dd707b0
-
SHA512
9f93d0fc1f1acc0811f317387e1ccabe2c22591bf491e7b80cecd56cccb75dd2c40731439b20d36cd850fd7c1c2c4d27f9b99f56f7f8711e9e4749a73a3e861e
-
SSDEEP
384:S2KxgWJU2F9b6INSiizVy5ADXtysKPnWH5Wf7/D1IDBRJJSrxGw6lx87Pr:22WbrzNRD5QVKMOI1PmkEr
-
Detect Xworm Payload
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-