General

  • Target

    Vanta.zip

  • Size

    66KB

  • Sample

    240430-tp48racf44

  • MD5

    365ec42fb280de0735990095182e7e84

  • SHA1

    6e64ecac43849d9c6cbfad0b41d16e8c26e29752

  • SHA256

    3acf3a6cf0e3b5a83e56b562becffdae8ae5c91d0b33d333b191e248e8b1310d

  • SHA512

    bd99c0e1954f2068d707983aa06c1429c6400ae5e53e80ba76554875753335eb2f1f9d55450e45ae3719f3caa6887ad0cf93ba077af66fd351526836452f42e3

  • SSDEEP

    1536:ANbpjuef59j7k63wQ4bW5I7oh6W5JGadn8Pr6/:cVjuebDGbWp66J/aPW/

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    dwm.exe

  • pastebin_url

    https://pastebin.com/raw/dkjTMnwm

Targets

    • Target

      Vanta.zip

    • Size

      66KB

    • MD5

      365ec42fb280de0735990095182e7e84

    • SHA1

      6e64ecac43849d9c6cbfad0b41d16e8c26e29752

    • SHA256

      3acf3a6cf0e3b5a83e56b562becffdae8ae5c91d0b33d333b191e248e8b1310d

    • SHA512

      bd99c0e1954f2068d707983aa06c1429c6400ae5e53e80ba76554875753335eb2f1f9d55450e45ae3719f3caa6887ad0cf93ba077af66fd351526836452f42e3

    • SSDEEP

      1536:ANbpjuef59j7k63wQ4bW5I7oh6W5JGadn8Pr6/:cVjuebDGbWp66J/aPW/

    Score
    1/10

    • Target

      Vanta/READ ME .txt

    • Size

      435B

    • MD5

      6efe094bd215941cd74b3eb47d30e301

    • SHA1

      eebfa94a70f408a8d738739796e497cfb6aca71c

    • SHA256

      a11c9892a2bdf0dc6506e4289b8fb05ab1f3e6207d66c56fe7a3ef338b1af6f0

    • SHA512

      d701bda07f95c41f8691d976ba793fb9f2b2dbaad736e2185abffa31278226025be31920678266639a419a9ec3573bfb251892acc2d7eb0637521728d6e7abd3

    Score
    3/10

    • Target

      Vanta/VantaLoader.bat

    • Size

      102KB

    • MD5

      ab0f515c8964c240e4360f2da7fde50d

    • SHA1

      13dccd2340cce1e4ca961888b96eb034d5faf1d0

    • SHA256

      4757b8de068c022b45332910210f40c01fa731fc9eab2da0f403f31f5e22dd76

    • SHA512

      d4410546ed30154c7b980a68925d9c9f45b52fd260603f1d6539777cf80233f9bcd5b9c340c52405259d28e9d20b81ad1c1d46c0c34eb4c6cb97cab5399be8f1

    • SSDEEP

      3072:mEH8dKtLuent7vprpnYFVMolbvoMeSQcISltvp6:mEHgqbn5VpnybscISC

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks