General
-
Target
loader-upd.bat
-
Size
295KB
-
Sample
240430-x39beagb29
-
MD5
e0b1638feea307a3afbeacaec7fd506c
-
SHA1
16d849c8f90412a612e1fc0eed6e406f076d4099
-
SHA256
34f1b41e2547cf79b54e6b174f7b9b2be3f918fa52e831606f58de55513df91e
-
SHA512
795e2418636e320eb8cd381066ac5ef4ef479b770d1bab1a7221aba15d7fa9e7d54b996dac1b93fa9068e57c5ee369fd5024ce916c6de07e48f1ff8d51863a5e
-
SSDEEP
6144:yll7goJPFab7YvftLMYUQK4UHF8WkA0dXTwxl:MlnabilLMYHbTDlSl
Static task
static1
Behavioral task
behavioral1
Sample
loader-upd.bat
Resource
win11-20240419-en
Malware Config
Extracted
xworm
-
Install_directory
%Public%
-
install_file
svchost.exe
-
pastebin_url
https://pastebin.com/raw/UWpQULMP
Targets
-
-
Target
loader-upd.bat
Score
10/10
-
Detect Xworm Payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-