General
-
Target
Deanonn by nazar 2024!!! +key.exe
-
Size
67KB
-
Sample
240530-ms4casee7x
-
MD5
eafc6737830999d00a40a86049561243
-
SHA1
a93b09e934e340f533c2d6b4ddc7b6cb85773e5b
-
SHA256
ac86f775c65dffbaa91ad0dd4777d10feffef7f0088e73300940953f26a479d7
-
SHA512
88137c28e1f618fc4fbbd2dc386c83b965cfab5c215d9277eb67afa14fd5c9d61f914c033dc24698c13fae435419f3843313086e35737ee38769a54f31613183
-
SSDEEP
1536:7flEdkZzr89H2WwvAU6fFBxlTbeUgDf/c6gKO894Vj7cEgP:7f3w6297xbeVDf/bO8CVjvO
Behavioral task
behavioral1
Sample
Deanonn by nazar 2024!!! +key.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Deanonn by nazar 2024!!! +key.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
xworm
registered-martial.gl.at.ply.gg:62460
-
Install_directory
%Temp%
-
install_file
XClient.exe
Targets
-
-
Target
Deanonn by nazar 2024!!! +key.exe
-
Score
10/10
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-