Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

password.txt.lnk

windows10-1703-x64

10

password.txt.lnk

windows7-x64

8

password.txt.lnk

windows10-2004-x64

10

password.txt.lnk

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    password.txt.lnk

  • Size

    1KB

  • Sample

    240516-lses9seg3y

  • MD5

    a8d941db4a8f2301c661abff9d0121fa

  • SHA1

    df5ccb18e15bea95a0b9588cf113e4219b15fe22

  • SHA256

    3488fe12c3493039d9eddabf5fb04bf9bb3a54bcd591ab911857b602c85f2e66

  • SHA512

    1f945f0ffea07dae942cc218ea603d9e8a21921513380c71c6a8b81ec88a6d955f4dd8ef6ac966248c0983872ef6e9fd88d866e1387fedb72e77b12c437eed2c

Score
10/10
xwormexecutionrattrojan

Malware Config

Targets

    • Target

      password.txt.lnk

    • Size

      1KB

    • MD5

      a8d941db4a8f2301c661abff9d0121fa

    • SHA1

      df5ccb18e15bea95a0b9588cf113e4219b15fe22

    • SHA256

      3488fe12c3493039d9eddabf5fb04bf9bb3a54bcd591ab911857b602c85f2e66

    • SHA512

      1f945f0ffea07dae942cc218ea603d9e8a21921513380c71c6a8b81ec88a6d955f4dd8ef6ac966248c0983872ef6e9fd88d866e1387fedb72e77b12c437eed2c

    Score
    10/10
    xwormexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks