General
- Target: feather.exe
- Size: 166KB
- Sample: 240530-tl2y8afa42
- MD5: fad02083c3a1d764db408e919d1430ef
- SHA1: f0e36f0c51e259bb801c1b53767b4d2b70e62ac2
- SHA256: f4cbcc2254e8b74d272b7148322a08159d4e4293fa825cb7547e319fff13ca8d
- SHA512: 108ed0ebf60ab3ba4b5ff9a39156278a13200b8854a5e520bca1a7e5a6ec04e674cd7633deb67657fbc32488a3d31490c4dd03ef14f541f906f067338646c56c
- SSDEEP: 3072:09AtuJ3r8fHevWOVj2VFPTUuRKNhzvpLXLTrfQVCaA0i:096uJ3rSpbPXRKNdpLXLTzQVCaA0
- Static task: static1
Malware Config
Extracted: xworm
- C2: 19.ip.gl.ply.gg:38173
- Install_directory: %Userprofile%
- install_file: Runtime Broker.exe
Extracted: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Config name: Default
- C2: 127.0.0.1:38173
- Mutex: epykvfetbqzwboxh
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: feather.exe
- Size: 166KB
- Detect Xworm Payload
- Async RAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application