General
-
Target
chrome.exe
-
Size
157KB
-
Sample
240406-1lg3dabh2s
-
MD5
25060bd356ab33ef0d384d3e1604b3a2
-
SHA1
7460a12aeb3735df974921e8ae2e933371cbb96b
-
SHA256
53775b3af0da7e20661ac7779099b3e0ed21c28197edb9fe8702eabca3e94a91
-
SHA512
b75ee64cd7048383ef64199627312d613b5f2e2e89783050e8bc885b504ff15d0b6fa53434bc792081a40d512286199e853bed34c0c081305c5805bdd8b5c862
-
SSDEEP
3072:Ajycy37zaF09LmmOC14NpVq8BxFRzaqF+o2GQJ7/JzqVfGvZ:A9yc09qogVqwlL
Behavioral task
behavioral1
Sample
chrome.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
chrome.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
xworm
5.0
Targets
-
-
Target
chrome.exe
-
Score
10/10
-
Detect Xworm Payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-