General

  • Target

    XClient.exe

  • Size

    33KB

  • Sample

    240421-zlqh3sbe61

  • MD5

    d9887dc500103e33a0f65ee4e3a74a73

  • SHA1

    25919df3eaed1f589e6d5693a4be98a93ca55420

  • SHA256

    d8e8574070b46cb5ec63d41a89012f6910e19172b05c51b35a930fbe4ef0a75d

  • SHA512

    cdf8a42ccc2d45e00a3545c2a61b8ff662e52f1b634298c7fd99f7b5b9ad1aed4776a2db4439ef8e565c5c034c67ffc334cf2858e19b6447dd9751809eba83ee

  • SSDEEP

    768:KUa+vNohsXn42JiB70wVF49j/FbOjhlby:hvNohsn4WiR06F49j/lOjnW

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.121.105.227:7000

Mutex

fg6y5VZ2fwQckTwB

Attributes
  • install_file

    USB.exe

aes.plain
1
MiG12KYR8sImVKJbSRT51A==

Targets

    • Target

      XClient.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

MITRE ATT&CK Matrix

Tasks
