
General

  • Target

    z0chXQ

  • Size

    504B

  • Sample

    240405-rdlk6aea4y

  • MD5

    4730807167b090d147a6ddca828ad4a6

  • SHA1

    0bc0b44393897389d0bc11db4117bea2c87f8744

  • SHA256

    49dc10bdc15d2f174bdff1e171ee4f7668312e3ea5526e7835ef8c3d913631bb

  • SHA512

    19c9e4780a9c5c1b84b2abdfce32ed67117b7ecad2b10f232a9001bb30c34b8098287aabc38f5c1642f08183feb7740c716935247b865a4eed5e71cb23207676

Malware Config

Extracted

Family

xenorat

C2

6.tcp.ngrok.io

Mutex

fdsfdsfsdfsdfnd8912d

Attributes
  • delay

    1000

  • install_path

    appdata

  • port

    17147

  • startup_name

    Intel Processor ©

Targets

    • Target

      z0chXQ

    • Size

      504B

    • XenoRat

      XenoRat (family tag xenorat in the config above) is a remote access trojan written in C#. The extracted C2, port, mutex, install location and Run-key name are this family's configuration fields.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 6.tcp.ngrok.io:17147 is an ngrok TCP tunnel endpoint, so the operator's real host sits behind ngrok's shared infrastructure; the hostname alone is a weak indicator, the host:port pair is the specific one.
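The extracted config above and the persistence/C2 signatures in this list are only useful if they turn into something a responder can run. The script below is an added example, not part of the tria.ge report or of the XenoRat project: it parses the report's "Extracted" block into indicators (Run-key value name, %APPDATA% install hint, mutex, C2 host:port) and checks Sysmon-style registry (Event ID 13) and network (Event ID 3) events against them. The events are constructed for the demo; only the field names follow Sysmon's schema.

```python
"""Added example: extracted XenoRat config -> IOCs -> hunt over Sysmon-style events."""
from dataclasses import dataclass

# Config block as it appears in the report's "Extracted" section.
REPORT_CONFIG = """\
Family
xenorat
C2
6.tcp.ngrok.io
Mutex
fdsfdsfsdfsdfnd8912d
Attributes
  • delay
    1000
  • install_path
    appdata
  • port
    17147
  • startup_name
    Intel Processor ©
"""

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class RatConfig:
    family: str
    c2_host: str
    c2_port: int
    mutex: str
    install_path: str
    startup_name: str


def parse_config(text: str) -> RatConfig:
    """Parse the key/value layout of the report's 'Extracted' block."""
    lines = [ln.strip().lstrip("• ").strip() for ln in text.splitlines() if ln.strip()]
    kv, i = {}, 0
    while i < len(lines):
        key = lines[i].lower()
        if key == "attributes":  # section header with no value of its own
            i += 1
            continue
        kv[key] = lines[i + 1]
        i += 2
    return RatConfig(kv["family"], kv["c2"], int(kv["port"]), kv["mutex"],
                     kv["install_path"], kv["startup_name"])


def to_iocs(cfg: RatConfig) -> dict:
    """Concrete indicators to hand to EDR, firewall and registry hunts."""
    return {
        "network": [f"{cfg.c2_host}:{cfg.c2_port}"],
        "registry_run_value": [f"HKCU\\{RUN_KEY}\\{cfg.startup_name}"],
        "mutex": [cfg.mutex],
        # install_path 'appdata' means the dropped binary lives under %APPDATA%
        "install_dir_hint": ["%APPDATA%"] if cfg.install_path == "appdata" else [],
    }


def match_event(ev: dict, cfg: RatConfig) -> list:
    """Names of every indicator a single Sysmon-style event trips."""
    hits = []
    eid = ev.get("EventID")
    if eid == 13:  # RegistryEvent (value set)
        target = ev.get("TargetObject", "").lower()
        details = ev.get("Details", "").lower()
        if target.endswith(f"\\{RUN_KEY}\\{cfg.startup_name}".lower()):
            hits.append("run_key_startup_name")
        if RUN_KEY.lower() in target and "\\appdata\\roaming\\" in details:
            hits.append("run_key_points_into_appdata")
    elif eid == 3:  # NetworkConnect
        host = ev.get("DestinationHostname", "").lower()
        if host == cfg.c2_host and ev.get("DestinationPort") == cfg.c2_port:
            hits.append("c2_host_and_port")
        elif host.endswith(".tcp.ngrok.io"):
            # ngrok assigns ports per tunnel: same shared endpoint, other port
            # is weaker evidence but still worth triage
            hits.append("ngrok_tcp_tunnel_other_port")
    return hits


def hunt(events: list, cfg: RatConfig) -> list:
    """(event index, hits) for every event that matched at least one indicator."""
    return [(i, h) for i, ev in enumerate(events) if (h := match_event(ev, cfg))]


# Constructed events for the demo (Sysmon field names, made-up values).
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Intel Processor ©",
     "Details": r"C:\Users\alice\AppData\Roaming\svc\host.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
    {"EventID": 3, "DestinationHostname": "6.tcp.ngrok.io", "DestinationPort": 17147},
    {"EventID": 3, "DestinationHostname": "4.tcp.ngrok.io", "DestinationPort": 12345},
    {"EventID": 3, "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(to_iocs(cfg))
    for idx, hits in hunt(SAMPLE_EVENTS, cfg):
        print(idx, hits)
```

The Run-key check matches on the value name from the config rather than on the dropped binary's name, because the sample here is a 504-byte stager and the name of what it drops is not in the report; the %APPDATA% check is the weaker companion that catches a renamed value. The mutex is exported but not matched, since Sysmon does not log mutex creation; it is meant for a live-host check or a memory-forensics pass.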

MITRE ATT&CK Enterprise v15

Tasks