Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
XClient.exe
-
Size
217KB
-
Sample
240616-k8xtcaxgqg
-
MD5
aafb349d724a1b6ee29e233ce3de9fe2
-
SHA1
6273688fc2a2f1216c4eab81232d03c65cd4745f
-
SHA256
3004ad4cc1142ca3483bba1a3e5c2244802c0d2df43ba3c066056e2ba8ef1046
-
SHA512
533af2f1093638fb181e43c9b12ff3e0fa4f599c824b1ec31181f86306cf7d626820a5cf7e70908cb21d77d91d7e6b7b09c696e056092fe3de0eb273f1d81618
-
SSDEEP
1536:ZZrLnQSYxHCNJ9SEX+b8oeEVy6D5O3A8wunl+g5zU730/jyY:ZFQxHCNPD+b8+7O3AJC+L3HY
Behavioral task
behavioral1
Sample
XClient.exe
Resource
win7-20240220-en
Malware Config
Extracted
xworm
20.ip.gl.ply.gg:25725
<Xwormmm>:123
-
Install_directory
%Temp%
-
install_file
chiacago.exe
-
telegram
https://api.telegram.org/bot7378508941:AAFi7xPXoDjOY7Whre_FGKytWzP0LZ_WBF8/sendMessage?chat_id=6877286426
Targets
-
-
Target
XClient.exe
-
Size
217KB
-
MD5
aafb349d724a1b6ee29e233ce3de9fe2
-
SHA1
6273688fc2a2f1216c4eab81232d03c65cd4745f
-
SHA256
3004ad4cc1142ca3483bba1a3e5c2244802c0d2df43ba3c066056e2ba8ef1046
-
SHA512
533af2f1093638fb181e43c9b12ff3e0fa4f599c824b1ec31181f86306cf7d626820a5cf7e70908cb21d77d91d7e6b7b09c696e056092fe3de0eb273f1d81618
-
SSDEEP
1536:ZZrLnQSYxHCNJ9SEX+b8oeEVy6D5O3A8wunl+g5zU730/jyY:ZFQxHCNPD+b8+7O3AJC+L3HY
Score10/10-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-