Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
XClient.exe
-
Size
183KB
-
Sample
240526-c2sxtace64
-
MD5
2b2588dbc679d917268e4ec17783db91
-
SHA1
5d3d9b5e548972155ebf7fb8506eeb87ee8d1c85
-
SHA256
a089baba4b046b231c5008343025b97f47bab795bdebd0fb47c608053ba4d8b8
-
SHA512
11615bbf4477ad683b5cfd5ecf1fbffb7ec957a76b47c012de67f7540ac26b42e63c965cbc028da9430a43f340b4889c5b80de416f83364d6b8d1783c41f4c86
-
SSDEEP
3072:JMf71a4l72Me/sigR1b60M7MDVOyFMgBz65/M6If+3Js+3JFkKeTno:JyPrbjM7KxBt25
Malware Config
Extracted
xworm
-
Install_directory
%AppData%
-
install_file
Spoofer.exe
Targets
-
-
Target
XClient.exe
-
Size
183KB
-
MD5
2b2588dbc679d917268e4ec17783db91
-
SHA1
5d3d9b5e548972155ebf7fb8506eeb87ee8d1c85
-
SHA256
a089baba4b046b231c5008343025b97f47bab795bdebd0fb47c608053ba4d8b8
-
SHA512
11615bbf4477ad683b5cfd5ecf1fbffb7ec957a76b47c012de67f7540ac26b42e63c965cbc028da9430a43f340b4889c5b80de416f83364d6b8d1783c41f4c86
-
SSDEEP
3072:JMf71a4l72Me/sigR1b60M7MDVOyFMgBz65/M6If+3Js+3JFkKeTno:JyPrbjM7KxBt25
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-