Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f24a4d5b6036a3de2eba88868bd771f2.bin

  • Size

    3.2MB

  • Sample

    240312-fan2bsae65

  • MD5

    cfa125d30451777922f57b2746848d0b

  • SHA1

    12f36a2db29268492ff012afd1e20f795205d3db

  • SHA256

    511434d4178f6b01f150cf3afab9fdbc062a177d78469fb6bd27b3c87fc98c67

  • SHA512

    9318630a7ecbefdff4bee68317077f72a0eab10405a133367d51c434de20576dc7c6c2cae0f20a3270f340caed33905eb6ef09af00ce31b758ab50c674d6bb88

  • SSDEEP

    49152:dcFTYQ1hRx9s0mmXkw7UUWVVnceUJasKJDCO8+/oOE1CnhrLpNklK6Mw0M0cUTe:d2zxC0mw7wnKJasKRCWoO0Gh3SKnMH

Malware Config

Targets

    • Target

      2c2f38b6679224281d1f9a0bee4ac5db26f845e0d0eb74c0caa2d994411ee7e2.exe

    • Size

      3.3MB

    • MD5

      f24a4d5b6036a3de2eba88868bd771f2

    • SHA1

      3048d822d2b80d66284d1446052da0ba2be27d9e

    • SHA256

      2c2f38b6679224281d1f9a0bee4ac5db26f845e0d0eb74c0caa2d994411ee7e2

    • SHA512

      17a245a0c5e70982ea5f479319417864e122d3febbdf16d310d42b7f9acb8d7135fdf9c34082cd42858a4b98e696ec02d17b69deb249e8ed0cdfab26ec909bfc

    • SSDEEP

      49152:rbAa/I9L1n4OjdXalpe85gqWa4CRFaMQRh/7hK+OWp7W+qYp9foZWHyeHxYMp5FN:ga/K1Fa71qrMFO3DgCjqWQZWSmeMTPH

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks