Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
InstallerVbs.vbs
-
Size
104KB
-
Sample
240510-yfezqahb34
-
MD5
bc89449faa6c9e7bb2957178b31866ba
-
SHA1
1e36383ec2124b42c951047dad01dd19d1f16ffd
-
SHA256
750ba2dad733bc591d8e9d2354db33cb4a86d878c5e138419d5af4a899326111
-
SHA512
87db7826c7f701658b782f3542f2bc2b6dd2f153181c770d0bc4c63c3300c10bf33f364590a94ae9d189b4028e965d0ede13ed3a9078a0b58e278ad6390da44f
-
SSDEEP
3072:vx1nBT1JXFLckxCBv8I0o59j/cDJUt3YU6b/T0rCUdv47:ZF9CNt/QUVYUsQCUdv47
Static task
static1
Behavioral task
behavioral1
Sample
InstallerVbs.vbs
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
InstallerVbs.vbs
Resource
win11-20240508-en
Malware Config
Extracted
xworm
mike-algebra.gl.at.ply.gg:55575
-
Install_directory
%AppData%
-
install_file
XClient.exe
Targets
-
-
Target
InstallerVbs.vbs
-
Size
104KB
-
MD5
bc89449faa6c9e7bb2957178b31866ba
-
SHA1
1e36383ec2124b42c951047dad01dd19d1f16ffd
-
SHA256
750ba2dad733bc591d8e9d2354db33cb4a86d878c5e138419d5af4a899326111
-
SHA512
87db7826c7f701658b782f3542f2bc2b6dd2f153181c770d0bc4c63c3300c10bf33f364590a94ae9d189b4028e965d0ede13ed3a9078a0b58e278ad6390da44f
-
SSDEEP
3072:vx1nBT1JXFLckxCBv8I0o59j/cDJUt3YU6b/T0rCUdv47:ZF9CNt/QUVYUsQCUdv47
Score10/10-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-