General

  • Target

    peepeemonster.exe

  • Size

    81KB

  • Sample

    240603-rkzrcshb8x

  • MD5

    fc5e9d5c2fd3a2864e889a60c64a3f9f

  • SHA1

    216f69bb7b4c97c3c19d91cc2c0f410783fd661e

  • SHA256

    7e1c2e3a716890993addd3604b267907b60e8d5c0a55e1428515777b73137b53

  • SHA512

    1ac5e3b42acfd7d2504589f9c06f1e2fea5ba9682fef5d18a073a2af209630567cdce0478d373a1474c20d53d830dc75a58b688c7f649d687763b89bbb40976b

  • SSDEEP

    1536:luE+uvqIX09IsIoqpNWnAtcRbQlHEctxnwi8JfDn+cYurOZtSFxmjHRW:wUq4JdoqpttcRbQlHQkcYEOvQyW

Malware Config

Extracted

Family

xworm

C2

104.28.242.8:7000

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    ..exe

Targets

    • Target

      peepeemonster.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks