General
-
Target
nigger.exe
-
Size
58KB
-
Sample
240502-3h127abd63
-
MD5
abb96dc265c42a9e9357b69cd911ffce
-
SHA1
96a3619977f5b58a1cede6b960adca942e82d4e6
-
SHA256
53fa4aaf3bd78521f9d402d0c793078353e6ff8f9d0ff7efcd8c686c79c69560
-
SHA512
c56af566bb3ddf2731daa2a74936f0500b32ee36bd8184ee7c17924c9ed730b64bd4552a91fc55b870754e49196a30e6d414ba77bee960b18d4c9136e51087fb
-
SSDEEP
1536:Bvf7dvzwTr1JVEUrq1xLAhhaL5b7JkbutjkfZNJN99Opv8gJaed:Bvf8CUrqMhILjkbu4Nn99OpEgTd
Behavioral task
behavioral1
Sample
nigger.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
nigger.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
xworm
dc-coleman.gl.at.ply.gg:42550
-
Install_directory
%AppData%
-
install_file
runbroker300.exe
Targets
-
-
Target
nigger.exe
Score
10/10
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application