General
Target: X-Executor.exe
Size: 16.9MB
Sample: 240420-egntgage8s
MD5: a959fa6e789e7933b1c889299bbc2ee6
SHA1: 8d73e032c5f846dc8a634af1a9fb03267aeb5052
SHA256: f0c86145705a442ae6dbf9ecd7dd8539c4630e4da8ea0ded8a2e27bfeb135046
SHA512: 7967f210c0d5cd3ed3f94cfa6641a23364afe80a721d0b636243a663f78035d3bb0ce8c2440623063bf9512e609c6f5fa7c32fc1ce590dba08841ccefc3b08d6
SSDEEP: 393216:XKc9WLFTh2Jp5qC3njkw2QaFqyYgs6FVXGYydNEbKDG:ac9QFTh50j2QR96dKyIG
Malware Config
Targets
Target: X-Executor.exe
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.