General
-
Target
obfuscated.exe
-
Size
38.3MB
-
Sample
240308-hfbpashf78
-
MD5
69a03bb48ee81a00bd8347bc420a0342
-
SHA1
b16cb191f4a5f5b151d8fe9591e81657e1d0366c
-
SHA256
a19ca27eb45dc2e8851f7c93097f92ac78f7971d43b4685d16c706e3c2524434
-
SHA512
63c3e80a6848fedf368e0be17119a21cba2074b2e4f1c50d48fcc200537e0c07f2da809cf463001a99da2fc56206414d0ceef6bebf5e5c1d9e22c4b8968275c7
-
SSDEEP
393216:d76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfcnVQx4urYsANulL7Na:d0LoCOn+2cs4urYDNulLBiue
Static task
static1
Behavioral task
behavioral1
Sample
obfuscated.exe
Resource
win11-20240221-en
Malware Config
Extracted
xworm
5.0
91.92.245.248:7000
8ZKAq60sTZYIePSv
-
Install_directory
%ProgramData%
-
install_file
proquota.exe
Targets
-
Target
obfuscated.exe
-
Score
10/10
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-