General

  • Target

    loader-upd.bat

  • Size

    295KB

  • Sample

    240430-x39beagb29

  • MD5

    e0b1638feea307a3afbeacaec7fd506c

  • SHA1

    16d849c8f90412a612e1fc0eed6e406f076d4099

  • SHA256

    34f1b41e2547cf79b54e6b174f7b9b2be3f918fa52e831606f58de55513df91e

  • SHA512

    795e2418636e320eb8cd381066ac5ef4ef479b770d1bab1a7221aba15d7fa9e7d54b996dac1b93fa9068e57c5ee369fd5024ce916c6de07e48f1ff8d51863a5e

  • SSDEEP

    6144:yll7goJPFab7YvftLMYUQK4UHF8WkA0dXTwxl:MlnabilLMYHbTDlSl

Malware Config

Extracted

Family

xworm

Attributes

  • Install_directory

    %Public%

  • install_file

    svchost.exe

  • pastebin_url

    https://pastebin.com/raw/UWpQULMP

Targets

    • Target

      loader-upd.bat

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks