General
- Target: Vanta.zip
- Size: 66KB
- Sample: 240430-tp48racf44
- MD5: 365ec42fb280de0735990095182e7e84
- SHA1: 6e64ecac43849d9c6cbfad0b41d16e8c26e29752
- SHA256: 3acf3a6cf0e3b5a83e56b562becffdae8ae5c91d0b33d333b191e248e8b1310d
- SHA512: bd99c0e1954f2068d707983aa06c1429c6400ae5e53e80ba76554875753335eb2f1f9d55450e45ae3719f3caa6887ad0cf93ba077af66fd351526836452f42e3
- SSDEEP: 1536:ANbpjuef59j7k63wQ4bW5I7oh6W5JGadn8Pr6/:cVjuebDGbWp66J/aPW/
Static task: static1
Behavioral task: behavioral1
- Sample: Vanta.zip
- Resource: win11-20240426-en
Behavioral task: behavioral2
- Sample: Vanta/READ ME .txt
- Resource: win11-20240426-en
Malware Config
Extracted: xworm
- Install_directory: %ProgramData%
- install_file: dwm.exe
- pastebin_url: https://pastebin.com/raw/dkjTMnwm
Targets
Target: Vanta.zip
- Size: 66KB
- MD5: 365ec42fb280de0735990095182e7e84
- SHA1: 6e64ecac43849d9c6cbfad0b41d16e8c26e29752
- SHA256: 3acf3a6cf0e3b5a83e56b562becffdae8ae5c91d0b33d333b191e248e8b1310d
- SHA512: bd99c0e1954f2068d707983aa06c1429c6400ae5e53e80ba76554875753335eb2f1f9d55450e45ae3719f3caa6887ad0cf93ba077af66fd351526836452f42e3
- SSDEEP: 1536:ANbpjuef59j7k63wQ4bW5I7oh6W5JGadn8Pr6/:cVjuebDGbWp66J/aPW/
- Score: 1/10
Target: Vanta/READ ME .txt
- Size: 435B
- MD5: 6efe094bd215941cd74b3eb47d30e301
- SHA1: eebfa94a70f408a8d738739796e497cfb6aca71c
- SHA256: a11c9892a2bdf0dc6506e4289b8fb05ab1f3e6207d66c56fe7a3ef338b1af6f0
- SHA512: d701bda07f95c41f8691d976ba793fb9f2b2dbaad736e2185abffa31278226025be31920678266639a419a9ec3573bfb251892acc2d7eb0637521728d6e7abd3
- Score: 3/10
Target: Vanta/VantaLoader.bat
- Size: 102KB
- MD5: ab0f515c8964c240e4360f2da7fde50d
- SHA1: 13dccd2340cce1e4ca961888b96eb034d5faf1d0
- SHA256: 4757b8de068c022b45332910210f40c01fa731fc9eab2da0f403f31f5e22dd76
- SHA512: d4410546ed30154c7b980a68925d9c9f45b52fd260603f1d6539777cf80233f9bcd5b9c340c52405259d28e9d20b81ad1c1d46c0c34eb4c6cb97cab5399be8f1
- SSDEEP: 3072:mEH8dKtLuent7vprpnYFVMolbvoMeSQcISltvp6:mEHgqbn5VpnybscISC
- Detect Xworm Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.