General

  • Target

    nigge.exe

  • Size

    35KB

  • Sample

    240615-qaywmsvgqm

  • MD5

    dc402cf5b6e9ba34933a0da7802ff5b5

  • SHA1

    de8c2ed0afafc0d61fd21d73763560cb71fc8fe4

  • SHA256

    8bf5e308b0177cdf90a1f265d253a5f793b18e4ab6c1d8d8e4eb17e65f62ad0d

  • SHA512

    e161bdc2c946df79457ef6d55a71050ea17d80acb7161de64348fa0a73e41a2b5ff08efaca2c2bec9618e29624ddabf0e65db1d2451ec846d6a1c3485b034483

  • SSDEEP

    768:6oHv9ouQGVG0hiQfCYzZ4mVFy+9FmOjhbOED:6oHloqG0hVa6Z48Ff9FmOjL

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    modern-educators.gl.at.ply.gg:23695

  • Mutex

    rXjPraooKQvjlW7I

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Sets desktop wallpaper using registry
