Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
XClient.exe
-
Size
59KB
-
Sample
240530-ywwx6shb2s
-
MD5
d172c0a4ae3e8cef6a0a910bde62e195
-
SHA1
51139fc633fe81a66c8ed55081f92ec5256bd0bd
-
SHA256
94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
-
SHA512
d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467
-
SSDEEP
1536:9vv68xQQodoW8YTK6uDkbrfSVxwXSOqQ+k:1vjWQoGJYTK6CkbrfHSOqQ+k
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
XClient.exe
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
XClient.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
XClient.exe
Resource
win11-20240426-en
Malware Config
Extracted
xworm
length-desert.gl.at.ply.gg:58023
%AppData%:9
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
XClient.exe
-
Size
59KB
-
MD5
d172c0a4ae3e8cef6a0a910bde62e195
-
SHA1
51139fc633fe81a66c8ed55081f92ec5256bd0bd
-
SHA256
94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
-
SHA512
d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467
-
SSDEEP
1536:9vv68xQQodoW8YTK6uDkbrfSVxwXSOqQ+k:1vjWQoGJYTK6CkbrfHSOqQ+k
Score10/10-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-