Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
20240517d9456bbb0c30222c673c9205375f5859snatch.bin
-
Size
4.8MB
-
Sample
240517-vqxezahh8t
-
MD5
d9456bbb0c30222c673c9205375f5859
-
SHA1
1d99cfb5272f0c07ffba97135073968fc1454f88
-
SHA256
945398c017348a3ddd4dbea5c7920f120ce2bed2a2bad117ad4be7258668218a
-
SHA512
f18dfdd983ff46a60fbd8102aba350971502fa3c2c78f5dcec09893d38e7369134de6ea1d490f87314fcb885981313d58306b8e8a5fd26c1664e877cf1910f35
-
SSDEEP
49152:xJqRbtKTC/Mx7NieQvCs7VOxDIt5E9id0HoCYtnl/4z6PZN:b8JKTXx7Ns70x2EPmh4O
Static task
static1
Behavioral task
behavioral1
Sample
20240517d9456bbb0c30222c673c9205375f5859snatch.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
20240517d9456bbb0c30222c673c9205375f5859snatch.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
xworm
5.0
Targets
-
-
Target
20240517d9456bbb0c30222c673c9205375f5859snatch.bin
-
Size
4.8MB
-
MD5
d9456bbb0c30222c673c9205375f5859
-
SHA1
1d99cfb5272f0c07ffba97135073968fc1454f88
-
SHA256
945398c017348a3ddd4dbea5c7920f120ce2bed2a2bad117ad4be7258668218a
-
SHA512
f18dfdd983ff46a60fbd8102aba350971502fa3c2c78f5dcec09893d38e7369134de6ea1d490f87314fcb885981313d58306b8e8a5fd26c1664e877cf1910f35
-
SSDEEP
49152:xJqRbtKTC/Mx7NieQvCs7VOxDIt5E9id0HoCYtnl/4z6PZN:b8JKTXx7Ns70x2EPmh4O
Score10/10-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-