Resubmissions

10/05/2024, 10:59

240510-m3tkvadh53 10

12/04/2024, 19:47

240412-yhv4qage8z 10

12/04/2024, 19:41

240412-yebwnsge5t 10

General

  • Target

    https://oxy.name/d/pFlh

  • Sample

    240510-m3tkvadh53

Malware Config

Targets

    • Target

      https://oxy.name/d/pFlh

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
