General

Target: XClient.exe
Size: 137KB
Sample: 240227-vmd48aef63
MD5: e09d49a6363409dceb37e1a4eb46c337
SHA1: 3ea58317e91173b2a0d933f1a62096a469669049
SHA256: 54126a6703276127b5748d2a38fa05330405cca356069571ee10350f655890bb
SHA512: a8fc0c70c13ee6ce01411659986daabe2106a4685e404ee63ef02283928cb9b1a94f79da386896a2d9b8218bce60bebd6d53f249697da9422e7393ec6329d2cd
SSDEEP: 768:fjydtdHSpeUGDEqb1Fu9XoOfhEDL2NODfzkeoTpGB:y9UGIqpFu9XoOfnsfkHIB
Malware Config

Extracted
Family: xworm
Version: 3.1
C2: hydraww.ddns.net:80
Mutex: vjdvm5kiFTVTTlzT
Install_directory: %Userprofile%
install_file: USB.exe
Targets

Target: XClient.exe (137KB)
- Contains code to disable Windows Defender: a .NET executable that disables Windows Defender capabilities such as realtime monitoring and block-at-first-seen.
- Detect Xworm Payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
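The extracted config (C2 host and port, install directory and file name) and the behavioural signatures above are the indicators a responder would pivot on. The following Python script is an added example, not Triage output and not XWorm code: it turns those indicators into matching logic and runs it over a handful of constructed, Sysmon-style event lines (the `key=value|...` layout is an assumption for illustration, not a real log export). Two further assumptions are labelled in the code: %Userprofile% is expanded to the default `<drive>:\Users\<name>` layout, and the Defender-disable signature is matched on the standard Set-MpPreference parameters that control realtime monitoring and block-at-first-seen, since the report names those capabilities but not the exact command the sample runs.

```python
"""Hunt the indicators from this Triage report across event lines.

Added example, not Triage output or XWorm code. Event lines below are
constructed for illustration; their layout mimics Sysmon event IDs 1
(process create), 3 (network connect), 11 (file create) and 22 (DNS query)
but is an assumption, not a real log format.
"""
import re

# Indicators taken directly from the report above.
C2_HOST = "hydraww.ddns.net"
C2_PORT = 80
MD5 = "e09d49a6363409dceb37e1a4eb46c337"
SHA256 = "54126a6703276127b5748d2a38fa05330405cca356069571ee10350f655890bb"

# Assumption: %Userprofile%\USB.exe expanded to the default <drive>:\Users\<name> layout.
INSTALL_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\usb\.exe$", re.IGNORECASE)

# Assumption: the "disable Windows Defender" signature is implemented via the
# standard Set-MpPreference switches for realtime monitoring and block-at-first-seen.
DEFENDER_SWITCHES = ("DisableRealtimeMonitoring", "DisableBlockAtFirstSeen")

# Constructed sample events: fields separated by '|', each field is key=value.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Users\\victim\\Downloads\\XClient.exe|Hashes=MD5=e09d49a6363409dceb37e1a4eb46c337,SHA256=54126a6703276127b5748d2a38fa05330405cca356069571ee10350f655890bb",
    "EventID=1|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|CommandLine=powershell Set-MpPreference -DisableRealtimeMonitoring $true -DisableBlockAtFirstSeen $true",
    "EventID=11|Image=C:\\Users\\victim\\Downloads\\XClient.exe|TargetFilename=C:\\Users\\victim\\USB.exe",
    "EventID=22|Image=C:\\Users\\victim\\USB.exe|QueryName=hydraww.ddns.net",
    "EventID=3|Image=C:\\Users\\victim\\USB.exe|DestinationHostname=hydraww.ddns.net|DestinationPort=80",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationHostname=example.org|DestinationPort=443",
]


def parse(line):
    """Split one 'k=v|k=v' event line into a dict (first '=' only, so hash lists survive)."""
    return dict(field.split("=", 1) for field in line.split("|"))


def classify(ev):
    """Return the list of indicator names that match one parsed event."""
    reasons = []
    hashes = ev.get("Hashes", "").lower()
    if MD5 in hashes or SHA256 in hashes:
        reasons.append("sample-hash")
    if any(INSTALL_RE.match(ev.get(key, "")) for key in ("Image", "TargetFilename")):
        reasons.append("install-path")
    if ev.get("QueryName", "").lower() == C2_HOST:
        reasons.append("c2-dns")
    if ev.get("DestinationHostname", "").lower() == C2_HOST and ev.get("DestinationPort") == str(C2_PORT):
        reasons.append("c2-connect")
    cmd = ev.get("CommandLine", "").lower()
    if "set-mppreference" in cmd and any(s.lower() in cmd for s in DEFENDER_SWITCHES):
        reasons.append("defender-disable")
    return reasons


def hunt(lines):
    """Map event index -> matched indicators, omitting events with no match."""
    hits = {}
    for idx, line in enumerate(lines):
        reasons = classify(parse(line))
        if reasons:
            hits[idx] = reasons
    return hits


if __name__ == "__main__":
    for idx, reasons in hunt(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(reasons)}")
```

Matching the C2 on hostname rather than on a resolved address is deliberate: the C2 is a dynamic DNS name, so its IP can change between the sandbox run and an investigation, while DNS-query and connection events that carry the hostname stay stable. The hash match only fires on the original dropper; once the sample copies itself to %Userprofile%\USB.exe, the install-path and C2 indicators carry the hunt.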