Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Bygay_ultimate.rar
-
Size
1.8MB
-
Sample
240613-pks8gaserm
-
MD5
16e56dac26729b8497e94c783d1da51c
-
SHA1
403627871114c6ead5a309c5d00f901275955c7d
-
SHA256
b8881c5fd0fcc6e6c8ad41ecdf54da3de08e96f490f250a5b1ce359dd0d44289
-
SHA512
a4166e8ea7f324a7eaa5c30d780871cdc73a8c4893685b055de784cd254063ca502429d47fa15e8c30cdfdc5c2c6ec5eb127373f45d44206409e1d8cff3df444
-
SSDEEP
49152:xVQZUCUoDo7KsRP4cYRfTs3yjBYvn4oKP/OtKFs:yUfThP4RfTs3UBE4/PiKFs
Malware Config
Extracted
xworm
should-nutritional.gl.at.ply.gg:22817
-
Install_directory
%Temp%
-
install_file
svchost.exe
Targets
-
-
Target
ByGay ultimate/Bygay Ultimate.exe
-
Size
93KB
-
MD5
5c6cc16ec6bf96db420bf12c6130f962
-
SHA1
758fc86c11e6aa95b5de199cf14cfa7b0735e9ae
-
SHA256
1fc65606ef277bd5038650489f23a9328254dd01bf9d26239979f467be32d055
-
SHA512
2aaa5d582d8461365d6588349c0c92a0a6996721e73c7641d0fbb8bad8f663d74ed46a2a1bb23403aee165a9d4f8314b7b9ca64b045f731f46ec221981c2a49b
-
SSDEEP
1536:oVo+jFEDfT+KlLEBG/MG20fBXvHQqCT9G944d/yzrruahBH+8JJS9n:oVtjiDBLhMCBXo9G944d/yjuahB+87Q
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
ByGay ultimate/Cheat engine.exe
-
Size
389KB
-
MD5
f921416197c2ae407d53ba5712c3930a
-
SHA1
6a7daa7372e93c48758b9752c8a5a673b525632b
-
SHA256
e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e
-
SHA512
0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce
-
SSDEEP
12288:G0N02KsbnIU70vYrRHAjC0Y0glwgugEnoSE5jq:U2tIUYArRv0Y0glwgugEnoSE5jq
Score1/10 -
-
-
Target
ByGay ultimate/allochook-i386.dll
-
Size
328KB
-
MD5
19d52868c3e0b609dbeb68ef81f381a9
-
SHA1
ce365bd4cf627a3849d7277bafbf2f5f56f496dc
-
SHA256
b96469b310ba59d1db320a337b3a8104db232a4344a47a8e5ae72f16cc7b1ff4
-
SHA512
5fbd53d761695de1dd6f0afd0964b33863764c89692345cab013c0b1b6332c24dcf766028f305cc87d864d17229d7a52bf19a299ca136a799053c368f21c8926
-
SSDEEP
3072:6LYEDJlXw5pAnHp2ukwTX6N8B4A84zMtEl1knxgaPZ3nbanlYZn2l1S2CAYOpIOs:6LYEDJAAnHp2uk2KNO0tEQV+b3n6
Score1/10 -
-
-
Target
ByGay ultimate/allochook-x86_64.dll
-
Size
468KB
-
MD5
daa81711ad1f1b1f8d96dc926d502484
-
SHA1
7130b241e23bede2b1f812d95fdb4ed5eecadbfd
-
SHA256
8422be70e0ec59c962b35acf8ad80671bcc8330c9256e6e1ec5c07691388cd66
-
SHA512
9eaa8e04ad7359a30d5e2f9256f94c1643d4c3f3c0dff24d6cd9e31a6f88cb3b470dd98f01f8b0f57bb947adc3d45c35749ed4877c7cbbbcc181145f0c361065
-
SSDEEP
6144:Tch6UtcJYg8yRAkB+vsoqOvfkv+y3ilZkaCeMG:e6Utc6gdcfkv+KIR
Score1/10 -
-
-
Target
ByGay ultimate/ced3d10hook.dll
-
Size
128KB
-
MD5
43dac1f3ca6b48263029b348111e3255
-
SHA1
9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
-
SHA256
148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
-
SHA512
6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032
-
SSDEEP
1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
Score1/10 -
-
-
Target
ByGay ultimate/ced3d10hook64.dll
-
Size
140KB
-
MD5
0daf9f07847cceb0f0760bf5d770b8c1
-
SHA1
992cc461f67acea58a866a78b6eefb0cbcc3aaa1
-
SHA256
a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4
-
SHA512
b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a
-
SSDEEP
3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
Score1/10 -
-
-
Target
ByGay ultimate/ced3d11hook.dll
-
Size
137KB
-
MD5
42e2bf4210f8126e3d655218bd2af2e4
-
SHA1
78efcb9138eb0c800451cf2bcc10e92a3adf5b72
-
SHA256
1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288
-
SHA512
c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74
-
SSDEEP
1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
Score1/10 -
-
-
Target
ByGay ultimate/ced3d11hook64.dll
-
Size
146KB
-
MD5
0eaac872aadc457c87ee995bbf45a9c1
-
SHA1
5e9e9b98f40424ad5397fc73c13b882d75499d27
-
SHA256
6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f
-
SHA512
164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b
-
SSDEEP
3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
Score1/10 -
-
-
Target
ByGay ultimate/ced3d9hook.dll
-
Size
124KB
-
MD5
5f1a333671bf167730ed5f70c2c18008
-
SHA1
c8233bbc6178ba646252c6566789b82a3296cab5
-
SHA256
fd2a2b4fe4504c56347c35f24d566cc0510e81706175395d0a2ba26a013c4daf
-
SHA512
6986d93e680b3776eb5700143fc35d60ca9dbbdf83498f8731c673f9fd77c8699a24a4849db2a273aa991b8289e4d6c3142bbde77e11f2faf603df43e8fea105
-
SSDEEP
1536:yq8Iw0TnMfrUEuKo+w/lT35oBqhSw3kmuqW3Crf0d3N1NsCeOEy6jCMpOEsC:yq8IdTMTyXUR2JJry3NreOnMpOu
Score1/10 -
-
-
Target
ByGay ultimate/ced3d9hook64.dll
-
Size
136KB
-
MD5
61ba5199c4e601fa6340e46bef0dff2d
-
SHA1
7c1a51d6d75b001ba1acde2acb0919b939b392c3
-
SHA256
8783f06f7b123e16042bb0af91ff196b698d3cd2aa930e3ea97cfc553d9fc0f4
-
SHA512
8ce180a622a5788bb66c5f3a4abfde62c858e86962f29091e9c157753088ddc826c67c51ff26567bfe2b75737897f14e6bb17ec89f52b525f6577097f1647d31
-
SSDEEP
3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+
Score1/10 -
-
-
Target
ByGay ultimate/d3dhook.dll
-
Size
119KB
-
MD5
2a2ebe526ace7eea5d58e416783d9087
-
SHA1
5dabe0f7586f351addc8afc5585ee9f70c99e6c4
-
SHA256
e2a7df4c380667431f4443d5e5fc43964b76c8fcb9cf4c7db921c4140b225b42
-
SHA512
94ed0038068abddd108f880df23422e21f9808ce04a0d14299aacc5d573521f52626c0c2752b314cda976f64de52c4d5bcac0158b37d43afb9bc345f31fdbbc0
-
SSDEEP
1536:QyfNvGKKZVGcuasOKQBBTff07PSZHCSVKOCDCA32XQaOCKnOEPChMOE6:lNvG7vGcIiBTMS18RD7325YO/hMOr
Score3/10 -
-
-
Target
ByGay ultimate/d3dhook64.dll
-
Size
131KB
-
MD5
2af7afe35ab4825e58f43434f5ae9a0f
-
SHA1
b67c51cad09b236ae859a77d0807669283d6342f
-
SHA256
7d82694094c1bbc586e554fa87a4b1ed6ebc9eb14902fd429824dcd501339722
-
SHA512
23b7c6db0cb9c918ad9f28fa0e4e683c7e2495e89a136b75b7e1be6380591da61b6fb4f7248191f28fd3d80c4a391744a96434b4ab96b9531b5ebb0ec970b9d0
-
SSDEEP
3072:ZGrrgbU27p/nFdpF/vwFLUjh2v5VjObfSVMPFtE8PdYO3kOc:crk3ZFdpRYUjh2verh6
Score1/10 -
-
-
Target
ByGay ultimate/libipt-32.dll
-
Size
157KB
-
MD5
df443813546abcef7f33dd9fc0c6070a
-
SHA1
635d2d453d48382824e44dd1e59d5c54d735ee2c
-
SHA256
d14911c838620251f7f64c190b04bb8f4e762318cc763d993c9179376228d8ca
-
SHA512
9f9bea9112d9db9bcecfc8e4800b7e8032efb240cbbddaf26c133b4ce12d27b47dc4e90bc339c561714bc972f6e809b2ec9c9e1facc6c223fbac66b089a14c25
-
SSDEEP
1536:K3uc99F6AOdjfTOZztxlGWGXLQbcpNk6FowD6QcEY7Xjl5hf8keDQa/c7usWjcd6:K3ukXTNGp7+6zaEY7Zf/a0ye3ZoOvKOS
Score1/10 -
-
-
Target
ByGay ultimate/libipt-64.dll
-
Size
182KB
-
MD5
4a3b7c52ef32d936e3167efc1e920ae6
-
SHA1
d5d8daa7a272547419132ddb6e666f7559dbac04
-
SHA256
26ede848dba071eb76c0c0ef8e9d8ad1c53dfab47ca9137abc9d683032f06ebb
-
SHA512
36d7f8a0a749de049a830cc8c8f0d3962d8dce57b445f5f3c771a86dd11aaa10da5f36f95e55d3dc90900e4dbddd0dcc21052c53aa11f939db691362c42e5312
-
SSDEEP
3072:XMTS4QqrM7BqUHEwXDVT6B8AF6aBBcFkLODeYJObCkEjOUkOG:XIQqrc7V5Trw6aBBcFk6CtbID4
Score1/10 -
-
-
Target
ByGay ultimate/libmikmod32.dll
-
Size
300KB
-
MD5
462322cc93e55016d5ea78b2b9823657
-
SHA1
3e8e00b690a4370d6f2dfdcf730f2d3fda4806a6
-
SHA256
aedc048fcfec594e7307e4730d850e5e0121820a76ca1a363f4a2e41d084f393
-
SHA512
a46e56130a8d1ca588d9935d98468543328b42492f1257157d2c7fd99ac341e8a22337ac2228aecf33a70913a7e7161b300bb458e1c07d5d0b94a7aa1dd72d79
-
SSDEEP
3072:3QMsoykzuYV4SPaa/Gr+RBmRQ5wipE04CIcFw6eAwE5Sm1Q5jsV+XkO4qOT:3NJyTuxkC57IZEzGmT
Score1/10 -
-
-
Target
ByGay ultimate/libmikmod64.dll
-
Size
331KB
-
MD5
a358dae60f1c0f6a633f98b1e4d3e850
-
SHA1
2016f1fb0f8000e515602498432951b7c5bc5aca
-
SHA256
25c648cfdb4cdbbb13630adc7c14f2bb556c98f5cd1dcbecaffa91629d2d4a4c
-
SHA512
879b5e95cf7f06e105930724bbc6967b367417dce390a15de48bf5ce76ce2435ea4a59095ab67eee5a05fa41126ddb984c2154aba34b33fac895a1ccc2d2a617
-
SSDEEP
6144:ZnVdQfxRaiC76I/wZGteu+WJrXeN6joNtMrvMl9u61s1JGTBHpMqdmgIIE5pY2B:jdsxs6I6k9MUoNt2vSs8KqdmgIIE/b
Score1/10 -
-
-
Target
ByGay ultimate/lua53-32.dll
-
Size
453KB
-
MD5
ad3f33bac8eadab224adaf4cf6d5b97a
-
SHA1
6ccfb97236c5ad3b48a3eb7a113e3e297422e808
-
SHA256
58b206ab9a3d84fdafb537b419f721ecdeade489707dbab227b043d5343db369
-
SHA512
c319a1c3d0d90afefd27dc0379c79e38993490ffa14cb281f419bc94fde5776cd7eab54351c57f6eaeebcacf7f965fa0b8a8dd67489e799fcd84d39393c62a3e
-
SSDEEP
12288:dBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfy:dxLrLmd4OA4L8DXGnmy
Score3/10 -
-
-
Target
ByGay ultimate/lua53-64.dll
-
Size
528KB
-
MD5
b7c9f1e7e640f1a034be84af86970d45
-
SHA1
f795dc3d781b9578a96c92658b9f95806fc9bdde
-
SHA256
6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff
-
SHA512
da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3
-
SSDEEP
6144:FshVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5T:hOL9J2L8E5VKKSuLGEhXGstCXoYkc7BV
Score1/10 -
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scripting
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1